Re: [dmarc-discuss] How to block fake forwarders?
In addition to Vladimir's post, M3AAWG just published an SPF best practices paper that might be useful: https://www.m3aawg.org/sites/default/files/m3aawg_managing-spf_records-2017-08.pdf Seth On Thu, Oct 12, 2017 at 1:00 PM, Pete Holzmann via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Vladimir, > > Thanks for that article. You did cover all of the issues I've seen to > date... including one I > saw just this morning for the first time! > >An organization's SPF has: >v=spf1 mx include:smtproutes.com include:smtpout.com ~all >include:spf.protection.outlook.com -all include:spf. > emailsignatures365.com -all > >They couldn't understand why their outlook email was having trouble :) > > So, I've re-enabled spf for JUST my email server host, using JUST its ip4 > address. Makes > sense... sometimes it needs to send bounce-o-grams. > > Pete > > > On 12 Oct 2017 Vladimir Dubrovin via dmarc-d said... > > > > >And this can be (and most probably is) invalid SPF configuration, > >because mail1.iecc.com can be used in HELO. > > > >I've gathered most common SPF misconceptions in this article: > > > >https://hackernoon.com/myths-and-legends-of-spf-d17919a9e817 > > > > > ___ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) > -- [image: logo for sig file.png] Bringing Trust to Email Seth Blank | Director of Industry Initiatives s...@valimail.com +1-415-894-2724 <415-894-2724> ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] How to block fake forwarders?
Vladimir, Thanks for that article. You did cover all of the issues I've seen to date... including one I saw just this morning for the first time! An organization's SPF has: v=spf1 mx include:smtproutes.com include:smtpout.com ~all include:spf.protection.outlook.com -all include:spf.emailsignatures365.com -all They couldn't understand why their outlook email was having trouble :) So, I've re-enabled spf for JUST my email server host, using JUST its ip4 address. Makes sense... sometimes it needs to send bounce-o-grams. Pete On 12 Oct 2017 Vladimir Dubrovin via dmarc-d said... > >And this can be (and most probably is) invalid SPF configuration, >because mail1.iecc.com can be used in HELO. > >I've gathered most common SPF misconceptions in this article: > >https://hackernoon.com/myths-and-legends-of-spf-d17919a9e817 > > ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] How to block fake forwarders?
This is a pretty common practice for domains that people own for brand protection as well - a0l.com has a -all SPF, p=reject DMARC policy, and no MX. On Thu, Oct 12, 2017 at 1:22 AM, Pete Holzmann via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Awesome! Thank you SO much :) > > On 12 Oct 2017 John Levine said... > > >If you want no mail sent or received by ds.org (as opposed > >to any other domains you host) it is just fine to say > >that. > > ___ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) > -- PAUL ROCK *Sr Software Dev Engineer* | AOL Mail P: 703-265-5734 | C: 703-980-8380 AIM: paulsrock 22070 Broderick Dr.| Dulles, VA | 20166-9305 ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)