On 01/25/2018 02:13 AM, Matus UHLAR - fantomas wrote:
On 01/24/2018 03:45 PM, Joseph Brennan wrote:
The New York Times nytimes.com has a SPF record with too many DNS
lookups. Are you willing to block that? That one amazes me since SPF
is the simplest of these ventures to implement correctly, and since
the Times's frequent mailings of news updates evidently are not
affected enough by SPF fail for the Times to go fix it.
On 24.01.18 16:04, David Jones wrote:
The key point here is the bulk nytimes.com email that is system
generated, i.e. not humans with real mailboxes that could be
compromised, is from subdomains so this entry would be safe since they
do have good SPF records on subdomains:
whitelist_auth *@*.nytimes.com
this only applies when SPF succeeds so it won't fix their broken SPF :-)
But this encourages them to make sure their SPF is not broken if we do
this in the main SA ruleset for everyone running sa-update regularly.
--
David Jones
