What to do about SPF rejection?

Dear all,
I today saw three bounces where the receiving mail server had said:
host mail.gfbv.de[185.199.217.16] said: 550 external MTA sending our header From: XXXX <XXX@gfbv.de> (in reply to end of DATA command)
The SPF record for gfbv.de is
gfbv.de. 86400 IN TXT "v=spf1 mx a:epicmail1.newsaktuell.net ~all"
I am not sure whether Mailman 2 has any workaround for this, like for the DMARC issue.
Can anyone spot whether there is something wrong with the SPF record? Whose fault is it?
My Mailman instance has its own SPF record:
lists.ilo169.de. 9531 IN TXT "v=spf1 mx a ip4:5.9.62.175 ~all"
I am not familiar with the SPF syntax, so I can't tell whether it is our fault or theirs.
At first glance, it would look to me as if the solution would be similar to the DMARC workaround, that is, to swap the original From: address with the list address. But again, Mailman offers this option only for DMARC issues.
Does anyone have advice for me?
Thanks so much in advance,
Johannes

In article <e328f9e0-40c9-53ec-2988-4e5ddc0ac80b@gmail.com> you write:
> Dear all,
> I today saw three bounces where the receiving mail server had said:
> host mail.gfbv.de[185.199.217.16] said: 550 external MTA sending our header From: XXXX <XXX@gfbv.de> (in reply to end of DATA command)
> The SPF record for gfbv.de is
> gfbv.de. 86400 IN TXT "v=spf1 mx a:epicmail1.newsaktuell.net ~all"
> I am not sure whether Mailman 2 has any workaround for this, like for the DMARC issue.
> Can anyone spot whether there is something wrong with the SPF record? Whose fault is it?

Theirs. That message says they apparently have a policy of rejecting any incoming mail with their domain on the From: line. They can do that if they want, but it means that none of their users can participate in mailing lists.
I suppose you could further screw up your list and do DMARC rewrites even for domains without DMARC policies, but I'd suggest contacting whoever is subscribed there and encourage him or her to subscribe from an address that isn't gratuitously hostile to mailing lists.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
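
An added example (not part of the original thread) showing why this bounce is not an SPF failure: SPF is evaluated against the envelope sender's domain, which for list mail is the list host, while the 550 text refers to the header From: domain. The bounce address `mylist-bounces@lists.ilo169.de`, the use of 5.9.62.175 as the sending IP, and the `own_from_rule_hit` model of the receiver's policy are assumptions; `mx` and `a` terms are skipped because they need DNS.

```python
import ipaddress
from email.utils import parseaddr

# SPF records as quoted in the thread.
SPF = {
    "gfbv.de": "v=spf1 mx a:epicmail1.newsaktuell.net ~all",
    "lists.ilo169.de": "v=spf1 mx a ip4:5.9.62.175 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_offline(domain, client_ip):
    """Evaluate ip4/ip6/all terms only; mx and a need DNS and are skipped."""
    ip = ipaddress.ip_address(client_ip)
    for term in SPF[domain].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qual]
        if name == "all":
            return QUALIFIERS[qual]
    return "neutral"

def diagnose(client_ip, mail_from, header_from, rcpt_domain):
    """Separate the SPF verdict (envelope sender) from a header-From rule."""
    spf_domain = mail_from.rpartition("@")[2].lower()
    from_domain = parseaddr(header_from)[1].rpartition("@")[2].lower()
    return {
        "spf_domain": spf_domain,
        "spf": spf_offline(spf_domain, client_ip),
        # Hypothetical model of the 550: an external MTA (every client in this
        # sample) presenting the receiver's own domain in the header From:.
        "own_from_rule_hit": from_domain == rcpt_domain,
    }

# Constructed sample: list host IP taken from the ip4 term of its own record,
# envelope sender assumed to be a Mailman-style bounce address.
LIST_IP = "5.9.62.175"
BOUNCE = "mylist-bounces@lists.ilo169.de"
as_posted = diagnose(LIST_IP, BOUNCE, "XXXX <XXX@gfbv.de>", "gfbv.de")
munged = diagnose(LIST_IP, BOUNCE,
                  "XXXX via mylist <mylist@lists.ilo169.de>", "gfbv.de")

if __name__ == "__main__":
    print("as posted:     ", as_posted)
    print("From rewritten:", munged)
```

With the original From: the SPF check passes on lists.ilo169.de and only the header rule fires; with the From: swapped to the list address, as discussed in the thread, neither does.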

On Mon, 2019-06-17 at 12:47 -0400, John Levine wrote:
> In article <e328f9e0-40c9-53ec-2988-4e5ddc0ac80b@gmail.com> you write:
>> Dear all,
>> I today saw three bounces where the receiving mail server had said:
>> host mail.gfbv.de[185.199.217.16] said: 550 external MTA sending our header From: XXXX <XXX@gfbv.de> (in reply to end of DATA command)
>> The SPF record for gfbv.de is
>> gfbv.de. 86400 IN TXT "v=spf1 mx a:epicmail1.newsaktuell.net ~all"
>> I am not sure whether Mailman 2 has any workaround for this, like for the DMARC issue.
>> Can anyone spot whether there is something wrong with the SPF record? Whose fault is it?
>
> Theirs. That message says they apparently have a policy of rejecting any incoming mail with their domain on the From: line. They can do that if they want, but it means that none of their users can participate in mailing lists.
> I suppose you could further screw up your list and do DMARC rewrites even for domains without DMARC policies, but I'd suggest contacting whoever is subscribed there and encourage him or her to subscribe from an address that isn't gratuitously hostile to mailing lists.

I've experienced similar before; some people work for large companies that outsource email policies to others^widiots. I wrote the patch below, which was merged into v2.1.29, specifically to address such idiotic policies.
https://code.launchpad.net/~jimpop/mailman/dmarc-moderation-addresses/+merge...
-Jim P.
participants (3): Jim Popovitch, Johannes Rohr, John Levine