Re: what's best guess record for SPF

2021-12-10 Thread raf 
On Fri, Dec 10, 2021 at 12:58:06PM +0800, Piper H  wrote:

> I dont think so @raf. I can specify my IP's hostname to t-online.de too.

Which might be one of the reasons that people shouldn't be doing this
sort of guessing in the absence of an SPF record.

cheers,
raf

Re: what's best guess record for SPF

2021-12-09 Thread Jaroslaw Rafa 
Dnia 10.12.2021 o godz. 12:58:06 Piper H pisze:
> I dont think so @raf. I can specify my IP's hostname to t-online.de too.

Yes, you can set PTR of your IP to somename.t-online.de, but
somename.t-online.de won't resolve back to your IP. And this is the method
of checking that MTAs (eg. Postfix) usually use.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: what's best guess record for SPF

2021-12-09 Thread Scott Kitterman 



On December 10, 2021 4:32:50 AM UTC, raf  wrote:
>On Tue, Dec 07, 2021 at 07:55:54PM +0800, Piper H  wrote:
>
>> I sent an email from my t-online.de account to gmail.
>> Gmail shows SPF pass by best guessing:
>> 
>> Received-SPF: pass (google.com: best guess record for domain of
>> x...@t-online.de designates 194.25.134.18 as permitted sender)
>> client-ip=194.25.134.18;
>> 
>> And t-online.de has no SPF setup for which you can check from their domain.
>> So what's the best guess record by google?
>> 
>> Thanks in advance.
>> Piper
>
>Just guessing of course, but it's probably the fact that
>the host name of 194.25.134.18 is mailout04.t-online.de
>whose parent domain (t-online.de) matches sender domain.
>They might also accept the sender domain's MX hosts, regardless
>of their domain name.
>
>cheers,
>raf

Pyspf still has the original best guess record hidden in the code from when it 
was first written in 2004:

https://github.com/sdgathman/pyspf/blob/0858adb6cf529e696a42318b7938e0b9e8a86c1c/spf.py#L245

No one should be using this anymore, but some still do.  It's relatively safe 
to use for finding pass results, but should never be used in any negative way.  
It's also, formally, not an SPF result because it's not part of the RFC 
4408/7208 definition of SPF.

Pyspf is the only first generation SPF library that's still maintained, so it's 
got some very old pre-IETF bits laying around still.

Scott K

Re: what's best guess record for SPF

2021-12-09 Thread Piper H 
I dont think so @raf. I can specify my IP's hostname to t-online.de too.

On Fri, Dec 10, 2021 at 12:34 PM raf  wrote:

> On Tue, Dec 07, 2021 at 07:55:54PM +0800, Piper H 
> wrote:
>
> > I sent an email from my t-online.de account to gmail.
> > Gmail shows SPF pass by best guessing:
> >
> > Received-SPF: pass (google.com: best guess record for domain of
> > x...@t-online.de designates 194.25.134.18 as permitted sender)
> > client-ip=194.25.134.18;
> >
> > And t-online.de has no SPF setup for which you can check from their
> domain.
> > So what's the best guess record by google?
> >
> > Thanks in advance.
> > Piper
>
> Just guessing of course, but it's probably the fact that
> the host name of 194.25.134.18 is mailout04.t-online.de
> whose parent domain (t-online.de) matches sender domain.
> They might also accept the sender domain's MX hosts, regardless
> of their domain name.
>
> cheers,
> raf
>
>

Re: what's best guess record for SPF

2021-12-09 Thread raf 
On Tue, Dec 07, 2021 at 07:55:54PM +0800, Piper H  wrote:

> I sent an email from my t-online.de account to gmail.
> Gmail shows SPF pass by best guessing:
> 
> Received-SPF: pass (google.com: best guess record for domain of
> x...@t-online.de designates 194.25.134.18 as permitted sender)
> client-ip=194.25.134.18;
> 
> And t-online.de has no SPF setup for which you can check from their domain.
> So what's the best guess record by google?
> 
> Thanks in advance.
> Piper

Just guessing of course, but it's probably the fact that
the host name of 194.25.134.18 is mailout04.t-online.de
whose parent domain (t-online.de) matches sender domain.
They might also accept the sender domain's MX hosts, regardless
of their domain name.

cheers,
raf

Re: what's best guess record for SPF

2021-12-07 Thread Benny Pedersen 

On 2021-12-07 13:28, Togan Muftuoglu wrote:

"Piper" == Piper H  writes:


Piper> I sent an email from my t-online.de account to gmail.
Piper> Gmail shows SPF pass by best guessing:

Piper> Received-SPF: pass (google.com: best guess record for domain of
Piper> x...@t-online.de designates 194.25.134.18 as permitted sender)
Piper> client-ip=194.25.134.18;

Piper> And t-online.de has no SPF setup for which you can check from 
their

Piper> domain. So what's the best guess record by google?

https://support.google.com/a/answer/10685928?hl=en

"In short Possible causes include:

SPF hasn’t been set up for your domain.
SPF isn’t set up correctly for your domain.
There’s an issue with the DNS at your domain provider."


https://dmarcian.com/spf-survey/?domain=t-online.de
https://dmarcian.com/dmarc-inspector/?domain=t-online.de
https://multirbl.valli.org/lookup/194.25.134.18.html

why accept mail from t-online.de ?

Re: what's best guess record for SPF

2021-12-07 Thread Bill Cole 

On 2021-12-07 at 06:55:54 UTC-0500 (Tue, 7 Dec 2021 19:55:54 +0800)
Piper H 
is rumored to have said:


So what's the best guess record by google?


Only Google knows for sure.

They do whatever their "best guess" is for domains without working SPF 
records. My best guess is that it probably includes looking at the MX 
records and A records for the domain and maybe for common mail server 
names. It may or may not be expressible as a proper SPF record.


I have never seen anyone representing Google on this mailing list. I 
don't believe they use Postfix much and they don't need to come here for 
expert help with however they use it.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: what's best guess record for SPF

2021-12-07 Thread David Bürgin 
Piper H wrote:
> I sent an email from my t-online.de  account to gmail.
> Gmail shows SPF pass by best guessing:
> 
> Received-SPF: pass (google.com : best guess record for 
> domain of x...@t-online.de  designates 194.25.134.18 
> as permitted sender) client-ip=194.25.134.18;
> 
> And t-online.de  has no SPF setup for which you can check 
> from their domain.
> So what's the best guess record by google?

Perhaps relevant:
http://www.open-spf.org/Best_Practices/No_Best_Guess/

Cheers,


-- 
David

Re: what's best guess record for SPF

2021-12-07 Thread Togan Muftuoglu 
> "Piper" == Piper H  writes:

Piper> I sent an email from my t-online.de account to gmail.
Piper> Gmail shows SPF pass by best guessing:

Piper> Received-SPF: pass (google.com: best guess record for domain of
Piper> x...@t-online.de designates 194.25.134.18 as permitted sender)
Piper> client-ip=194.25.134.18;

Piper> And t-online.de has no SPF setup for which you can check from their
Piper> domain. So what's the best guess record by google?

https://support.google.com/a/answer/10685928?hl=en

"In short Possible causes include:

SPF hasn’t been set up for your domain.
SPF isn’t set up correctly for your domain.
There’s an issue with the DNS at your domain provider."

AW: what's best guess record for SPF

2021-12-07 Thread Ludi Cree 
Might be DNSWL, where TOL lists it‘s mailservers so people can overcome the 
frequent spamcop listings etc.

 

I doubt anyone from Gmail reads here. Otherwise: wtf guys? How about stopping 
the #1 worldwide nigeria spam facilitation? They can’t pay that good.

 

Greets,

Ludi

 

 

 

 

Von: owner-postfix-us...@postfix.org  Im 
Auftrag von Piper H
Gesendet: Dienstag, 7. Dezember 2021 12:56
An: Postfix users 
Betreff: what's best guess record for SPF

 

I sent an email from my t-online.de <http://t-online.de>  account to gmail.

Gmail shows SPF pass by best guessing:

 

Received-SPF: pass (google.com <http://google.com> : best guess record for 
domain of x...@t-online.de <mailto:x...@t-online.de>  designates 194.25.134.18 
as permitted sender) client-ip=194.25.134.18;

 

And t-online.de <http://t-online.de>  has no SPF setup for which you can check 
from their domain.

So what's the best guess record by google?

 

Thanks in advance.

Piper

what's best guess record for SPF

2021-12-07 Thread Piper H 
I sent an email from my t-online.de account to gmail.
Gmail shows SPF pass by best guessing:

Received-SPF: pass (google.com: best guess record for domain of
x...@t-online.de designates 194.25.134.18 as permitted sender)
client-ip=194.25.134.18;

And t-online.de has no SPF setup for which you can check from their domain.
So what's the best guess record by google?

Thanks in advance.
Piper