From mboxrd@z Thu Jan 1 00:00:00 1970 From: theo borm Date: Fri, 11 May 2012 13:55:55 +0000 Subject: Re: [mlmmj] mlmmj and spf Message-Id: <4FAD1A6B.5010806@borm.org> MIME-Version: 1 Content-Type: multipart/mixed; boundary="------------010800070107050200000007" List-Id: References: <4FACFAE7.60904@borm.org> In-Reply-To: <4FACFAE7.60904@borm.org> To: mlmmj@mlmmj.org --------------010800070107050200000007 Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit Hi Christian, Thanks for the answer. On 05/11/2012 02:43 PM, Christian Laursen wrote: > On 05/11/12 13:41, theo borm wrote: > > >> We operate a small, closed, moderated mailing list that recently stopped >> working for a large part of its subscribers. The organization of which >> these subscribers are a member maintains an SPF record which denies >> access to all servers except a named few, which seems to be the cause of >> these problems. > > It sounds like their SPF implementation is broken. microsoft? > >> As a work-around I set mlmmj to use a different from address in the >> "From:" header. This solution is, however, plainly bad as it removes the >> original sender from the headers. I have seen other lists use "Sender:" >> header, but results are a mixed bag. With strict SPF checking of the >> "From:" header in place these mails also don't pass. > > SPF checking should be done on the enevelope FROM address, not the > From: header contained inside the mail. http://www.openspf.org/SPF_vs_Sender_ID summarizes this nicely: How will /Sender ID/ implementations violating the /SPF/ specification affect me? If you have published an |v=spf1| policy to protect the use of your domain in the MAIL FROM and HELO addresses, /Sender ID/ implementations that apply your policy to /PRA/ (per RFC 4406) will reject your mail if you use your domain in the "|From|" (or generally /PRA/) header field while sending from (MAIL FROM) another system. organization has an |v=spf1| policy in place. Mail is outsourced to microsoft, which uses sender ID. It's the receiving server which has to implement spf/sender-ID, so delivery is erratic to say the least. > > When mlmmj send out mails to the list subscribers the envelope from > looks something like this: > listname+bounces-XXXX-recipient=example.com@listowner.tld listowner.tld doesn't have an spf record. this is not the problem. problem is the "From" field/ > > So the SPF checking is done against the domain that the list is > running on. > > The correct cause of action would be to get the organization with > broken SPF checking to fix that. > I (and others) have told them a few times to no avail. regards, Theo --------------010800070107050200000007 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: 7bit Hi Christian,

Thanks for the answer.

On 05/11/2012 02:43 PM, Christian Laursen wrote:
On 05/11/12 13:41, theo borm wrote:
>
We operate a small, closed, moderated mailing list that recently stopped
working for a large part of its subscribers. The organization of which
these subscribers are a member maintains an SPF record which denies
access to all servers except a named few, which seems to be the cause of
these problems.

It sounds like their SPF implementation is broken.

microsoft?


As a work-around I set mlmmj to use a different from address in the
"From:" header. This solution is, however, plainly bad as it removes the
original sender from the headers. I have seen other lists use "Sender:"
header, but results are a mixed bag. With strict SPF checking of the
"From:" header in place these mails also don't pass.

SPF checking should be done on the enevelope FROM address, not the From: header contained inside the mail.

http://www.openspf.org/SPF_vs_Sender_ID summarizes this nicely:

<quote>
How will Sender ID implementations violating the SPF specification affect me?

If you have published an v=spf1 policy to protect the use of your domain in the MAIL FROM and HELO addresses, Sender ID implementations that apply your policy to PRA (per RFC 4406) will reject your mail if you use your domain in the "From" (or generally PRA) header field while sending from (MAIL FROM) another system.
</quote>

organization has an v=spf1 policy in place. Mail is outsourced to microsoft, which uses sender ID.

It's the receiving server which has to implement spf/sender-ID, so delivery is erratic to say the least.



When mlmmj send out mails to the list subscribers the envelope from looks something like this:
listname+bounces-XXXX-recipient=example.com@listowner.tld

listowner.tld doesn't have an spf record.

this is not the problem. problem is the "From" field/


So the SPF checking is done against the domain that the list is running on.

The correct cause of action would be to get the organization with broken SPF checking to fix that.


I (and others) have told them a few times to no avail.

regards, Theo

--------------010800070107050200000007--