On Sat, Nov 28, 2020 at 03:04:16AM +0000, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > 28/11/20 10:33 ನಲ್ಲಿ, Ming <m...@pgp.cool> ಬರೆದರು: > > On Fri, Nov 27, 2020 at 01:26:06PM +0000, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > > > Testing updated record :P > > > > > > By the way, if anyone has a better way of testing whether an SPF record > > > is working correctly, please let me know! I don't really want to spam the > > > list with these kinds of emails unless I have to, although I *think* this > > > should work. > > > > > > 26/11/20 18:14 ನಲ್ಲಿ, ಚಿರಾಗ್ ನಟರಾಜ್ <mailingl...@chiraag.me> ಬರೆದರು: > > > > Please ignore. I'm trying to see whether I get tons of DMARC reports > > > > after I updated my SPF record on my domain. > > > > You can use some free online tools, like: > > http://www.mail-tester.com/ > > https://dkimvalidator.com/ > > > > They all include detection of SPF records. > > Yes, I can see what the records are using a variety of methods (including > those sites). However, it's hard for me to tell if sending emails to this > list will trigger DMARC records due to SPF, and those sites don't help with > that. Regardless, I *think* this should be fixed after editing my SPF record.
In fact, I think the DMARC problem is unsolvable. I am running a mail server of my own. In the DMARC report I received, all the detections of SPF records form the mail forwarded through mailing list were fail (some dkim records also fail, like lists.claws-mail.org, it will modify your email subject). This is an obvious problem. As a forwarder, the mailing list is "pretending" to be us sending emails (The From field in the mail forwarded through the mailing list is still us). Add ip address of the mailing list to your SPF record may solve the problem, but I don’t think you can add the ip addresses of all mailing lists. Unless you can guarantee that you will not join new mailing lists, you have to modify the SPF records frequently. If you just don’t want to receive tons of DMARC reports, I don’t think you should set the rua item in your DMARC records. "rua" is used for aggregate feedback, even if your spf and dkim are both pass in auth results, they will still send a DMARC reports to you(at least for gmail). -- OpenPGP fingerprint: 3C47 5977 4819 267E DD64 C7E4 6332 5675 A739 C74E
signature.asc
Description: PGP signature