[OT] Re: configuration error in lists.isc.org

Reindl Harald h.reindl at thelounge.net
Fri Aug 7 16:41:33 UTC 2015


Am 07.08.2015 um 17:23 schrieb Heiko Richter:
> Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas:
>>>> On Aug 6, 2015, at 4:25 PM, Heiko Richter
>>>> <email at heikorichter.name <mailto:email at heikorichter.name>>
>>>> wrote:
>>>>> Whenever I post something to the list (I'm not using SMTP,
>>>>> I'm using a usenet server to post to
>>>>> comp.protocols.dns.bind), my postmaster address receives
>>>>> DMARC notifications from list members that have employed this
>>>>> wonderful protocol on their servers, telling me my message
>>>>> had been rejected for violating my SPF policy.
>>>>>
>>>>> My SPF record doesn't include lists.ist.org
>>>>> <http://lists.ist.org/>, of course and it never will.
>>>>> Furthermore it ends with "-all" so all my messages to the
>>>>> list are being rejected by list members who have spf aware
>>>>> servers.
>
>> SPF must only check envelope address, not header From: address - it
>> was never designed to do the latter.
>
> Correction:
> ------------
> All implementations of SPF always check 2 addresses:
>    - Envelope-From address
>    - From address
>
> SPF will fail whenever the client is not authorized to send for either
> the Envelope-From address or the From address. So while the list
> server changes the envelope from address, SPF will still fail as the
> client is not authorized for the From address

that is pure nonsense - period

not only that there no specs which would mandate that behavior exists 
*any* mail from me to a mailing list would be blocked by rcpts whth SPF 
enforced and frankly *we enforce* SPF and i get my copies

SPF is only about the envelope - no but and no if
how do you imagine SRS to work otherwise?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150807/2120b6de/attachment.bin>


More information about the bind-users mailing list