[Mailman-Users] SPF best practices?

Stephen J. Turnbull stephen at xemacs.org
Sun Aug 23 19:59:16 CEST 2015

Mark Sapiro writes:
 > On 08/23/2015 08:13 AM, Stephen J. Turnbull wrote:
 > > 
 > > Executive summary: if you're sure you've got all your hosts covered by
 > > the SPF record, use -all as Jim P says.
 > There is an issue with -all. SPF does not work with .forwards or other
 > relaying of that nature. If you can be certain that every recipient's
 > final MX is the one your server sends to, then -all is OK, but you
 > can't.

True enough.

Note: If I took that argument seriously, I'd use ?all, not ~all,
though.  According to RFC 4408, you shouldn't reject a message only
because of an SPF softfail, but it's not neutral, either.  Mail will
be lost if you use ~all, just not as much.

 > The scenario is your list member is user at example.com.
 > user at example.com is set to forward all mail to example_user at yahoo.com.

Heh.  This user is screwed if you use dmarc_moderation_action too.

Bottom line: Friends don't let friends use Yahoo! or AOL.

More information about the Mailman-Users mailing list