Hector,
Answers inline below.
On Fri, Jun 16, 2023 at 11:30 AM Hector Santos wrote:
> Steve,
>
> Thanks for the inbound MX verification stats.
>
> Can I ask, does the umn.edu mx network of compliant SPF/DMARC servers
> honor the Reject and Quarantine?
>
Yes. We only did this after a year or
Hi,
Am 16.06.2023 um 13:28 schrieb Sebastiaan de Vos:
The need for separate DKIM failure codes to be able to separate
between in-transit changes and public key errors is more than just
valid and I don't consider SPF worthless in general, but I just find
it disturbing how the obviously
Below is a table of SPF/DKIM/DMARC statuses over the past 30 days on our
inbound MX servers (umn.edu and several *.umn.edu domains). Note that we
employ a DMARC policy of p=reject; also note that we have split our dmarc
'fail' status into three categories:
*fail* indicates a DMARC failure where
The need for separate DKIM failure codes to be able to separate between
in-transit changes and public key errors is more than just valid and I
don't consider SPF worthless in general, but I just find it disturbing
how the obviously misplaced confidence in SPF currently weakens the
whole DMARC
On Fri 16/Jun/2023 13:02:46 +0200 Douglas Foster wrote:
The solution is to talk about the differences in confidence provided by the
different authentication methods, and note that evaluators have reason to
distrust some of them. That distrust could cause a weakly authenticated
message to be
RFC 7489 takes 8 different authentication mechanisms and lumps them into a
single PASS result:
DKIM or SPF, each with up to four types of alignment: same domain,
parent->child, child->parent, and sibling->sibling
These eight mechanisms all provide some level of confidence that the
message is not
Many thanks. That figure seems to be more or less in agreement with
what others here have obtained on smaller samples. However small, it
may confer to SPF the role of a stabilizer in DMARC mail flows.
How could SPF be a stabilizer when it's proven to be a highly unreliable
mechanism? I'd
On Thu 15/Jun/2023 23:25:44 +0200 Tero Kivinen wrote:
I rerun the statistics and yes, there is 0.84% cases where dkim
failed, but spf returned either pass, softfail or neutral.
Many thanks. That figure seems to be more or less in agreement with what
others here have obtained on smaller