Hello, On Mon, Mar 04, 2024 at 09:12:43AM +0100, Marco Moock via mailop wrote: > Am 04.03.2024 um 02:25:08 Uhr schrieb Gareth Evans via mailop: > > From > > > > https://www.mailop.org/best-practices > > > > "Having SPF for your own domains is usually considered a weak signal > > ..." > > > > Eh? > > That sounds completely wrong. SPF makes forging the MAIL FROM: address > much harder. Some server actually require it.
In context, that statement is in a section about forwarding email, e.g. operating a mailing list. It was also apparently written in 2020 going by the copyright notice. I think it's just trying to say that the list operator's use of SPF will help, but only a bit. In 2024 I think we'd have to say that you really need SPF and possibly DKIM as well to help get your mail delivered to the large mailbox providers. This best practices document is going to get out of date and be hard to maintain. Maybe we should make it a wiki? I am happy to help technically but I don't relish trying to navigate inevitable issues of disagreement between us all on what is actually best practice. > > "... as is filtering on them" > > > > Such as DNS filtering per > > https://www.ionos.co.uk/digitalguide/server/security/dns-filtering ? > > > > Can anyone add a little more background/meaning/context to this > > advice? > > That sounds like a security nightmare. > Attackers can use any public resolver from Google, Cloudflare or the > ISP and query anything, so they get the information. I'm not sure what the mailop best practices article is trying to say about "filtering on SPF" here, so I wouldn't seize upon what ionos is doing as related to it. I think the mailop page could just be saying that making filtering decisions on SPF alone isn't a good idea. Though again, that's 2020 advice; in 2024 as we know, lack of SPF+DKIM can lead to a filtering decision. I don't know if "we" consider that as "not best practice" but it *is* obviously an extremely common actual practice by now. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
