Re: Received-SPF: Softfail
On 2022-01-10 at 23:00:43 UTC-0500 (Tue, 11 Jan 2022 05:00:43 +0100) Fourhundred Thecat <400the...@gmx.ch> is rumored to have said: Hello, is it safe to ban senders that generate SPF Softfail ? No. policyd-spf: prepend Received-SPF: Softfail I have pasted full header here: https://ctxt.io/2/AABg5vIYEw What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? Yes. That's the whole reason softfail exists in SPF. Not every domain has a statically definable set of legitimate SMTP client IPs. The best example is simple traditional forwarding. On most unix-like systems any user can put an address in ~/.forward and have all of their local mail forwarded to that address *without changing the envelope sender*! Traditional 'alias' file entries work the same way, preserving the envelope sender on the forwarded mail. This has been reliably breaking SPF for almost 2 decades. That fact has never had enough impact to get everyone to deploy SRS (which can be a massive headache) or to stop using "-all" in SPF records. Unless you want to be cannon fodder in the war on transparent forwarding, rejecting mail absolutely based on a SPF softfail (or even a SPF strict fail) is a choice that will be regretted on any mail system of middling scale. Huge providers (M365, GMail, GMX, Yahoo, etc.) can do enforcement of hard fails because they offer self-serve mitigations and can tolerate a constant murmur of unhappy users. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Received-SPF: Softfail
On 2022-01-11 12:54, Fourhundred Thecat wrote: On 2022-01-11 10:40, Matus UHLAR - fantomas wrote: On 11.01.22 05:00, Fourhundred Thecat wrote: What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? misconfiguratons. I am quite happy to ban misconfigured / misbehaved servers. Shouldn't legitimate servers be configured properly ? your server, your problem :=) but mta can soft fail aswell keep this in mind why its diffrent for spf ?
Re: Received-SPF: Softfail
On 2022-01-11 12:51, Fourhundred Thecat wrote: On 2022-01-11 11:32, Jaroslaw Rafa wrote: Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze: What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? Forwarding. you mean SPF fail in general? I am asking specifically for "soft fail" mta can soft fail aswell, not need for spf to get this problem, would you like mta to reject soft fails aswell ?
Re: Received-SPF: Softfail
On 2022-01-11 11:32, Jaroslaw Rafa wrote: Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze: What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? Forwarding. diffrent spf domain
Re: Received-SPF: Softfail
On 11.01.22 05:00, Fourhundred Thecat wrote: What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? On 2022-01-11 10:40, Matus UHLAR - fantomas wrote: misconfiguratons. On 11.01.22 12:54, Fourhundred Thecat wrote: I am quite happy to ban misconfigured / misbehaved servers. Shouldn't legitimate servers be configured properly ? yes. but if you are going to implement SPF on your domain, it's better start with softfails so your mail doesn't get rejected by remote servers just because you forget/misconfigure something. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watkins. -- Daffy Duck & Porky Pig
Re: Received-SPF: Softfail
Dnia 11.01.2022 o godz. 12:51:54 Fourhundred Thecat pisze: > > On 2022-01-11 11:32, Jaroslaw Rafa wrote: > >Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze: > >> > >>What I am asking is, are there situations where legitimate sender > >>(non-spam) would generate soft fail? > > > >Forwarding. > > you mean SPF fail in general? > > I am asking specifically for "soft fail" "~all" at the end of SPF record would generate a softfail. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Received-SPF: Softfail
> On 2022-01-11 10:40, Matus UHLAR - fantomas wrote: On 11.01.22 05:00, Fourhundred Thecat wrote: What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? misconfiguratons. I am quite happy to ban misconfigured / misbehaved servers. Shouldn't legitimate servers be configured properly ?
Re: Received-SPF: Softfail
> On 2022-01-11 11:32, Jaroslaw Rafa wrote: Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze: What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? Forwarding. you mean SPF fail in general? I am asking specifically for "soft fail"
Re: Received-SPF: Softfail
Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze: > > What I am asking is, are there situations where legitimate sender > (non-spam) would generate soft fail? Forwarding. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Received-SPF: Softfail
On 11.01.22 05:00, Fourhundred Thecat wrote: is it safe to ban senders that generate SPF Softfail ? The point of softfail is NOT to reject those mails - that's wht soft means. policyd-spf: prepend Received-SPF: Softfail I have pasted full header here: https://ctxt.io/2/AABg5vIYEw What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? misconfiguratons. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux - It's now safe to turn on your computer. Linux - Teraz mozete pocitac bez obav zapnut.
Re: Received-SPF: Softfail
On 2022-01-11 07:55, Fourhundred Thecat wrote: sorry, the previous link expired. Here is the header again: https://ctxt.io/2/AABgetU0Fw www-data@ co.uk amazon.ch good point its softfailed what would one do on reply
Re: Received-SPF: Softfail
> On 2022-01-11 05:00, Fourhundred Thecat wrote: Hello, is it safe to ban senders that generate SPF Softfail ? policyd-spf: prepend Received-SPF: Softfail I have pasted full header here: https://ctxt.io/2/AABg5vIYEw What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail? sorry, the previous link expired. Here is the header again: https://ctxt.io/2/AABgetU0Fw
Re: Received-SPF: Softfail
On Monday, January 10, 2022 11:00:43 PM EST Fourhundred Thecat wrote: > Hello, > > is it safe to ban senders that generate SPF Softfail ? > >policyd-spf: prepend Received-SPF: Softfail > > I have pasted full header here: https://ctxt.io/2/AABg5vIYEw > > What I am asking is, are there situations where legitimate sender > (non-spam) would generate soft fail? Yes. Scott K
Received-SPF: Softfail
Hello, is it safe to ban senders that generate SPF Softfail ? policyd-spf: prepend Received-SPF: Softfail I have pasted full header here: https://ctxt.io/2/AABg5vIYEw What I am asking is, are there situations where legitimate sender (non-spam) would generate soft fail?