[Mimedefang] "<>" problem

Mișu Moldovan dumol at gnome.ro
Tue Aug 31 05:43:26 EDT 2010

- <kd6lvw at yahoo.com> a scris:
> --- On Mon, 8/30/10, Jobst Schmalenbach <jobst at barrett.com.au> wrote:
> > I filter all email with mime defang and I block ANYTHING
> > coming with an ENVELOPE FROM from our domain, no exception.
> Is that significantly different than an SPF record of "v=spf1 ptr
> -all" (i.e. block anything claiming to be you but not from a host in
> your domain)?  Perhaps you should be performing a generic SPF record
> check instead.... 

In practice (at home and at work) I've seen how enforcing SPF like that
breaks at least two common scenarios:

  * external mail aliases. Suppose I have an example.com domain which
enforces SPF the hard way (-all) and an alias on a third-party mail
server redirects mail sent from an example.com SMTP server mentioned in
the SPF record of the example.com domain to my mail server which blocks
every mail that fails SPF checks the hard way. That mail gets bounced on
the third-party mail server and things get hairy...

 * external mailing campaigns. I don't like those either, but marketing
departments have other ideas and stronger arguments, so they happen
sometimes. And those campaigners use so many IP classes to send their
junk that it's unpractical to include them in our SPF entries. We do
have an anti-phishing check in MD for the SMTP envelope and in practice
we except from this check the addresses that we use for these campaigns.

That's why SPF checks in our mail systems only happen in SpamAssassin.
Nevertheless, I've augmented the scores for the SPF tests in SA.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20100831/9357950a/attachment-0003.sig>

More information about the MIMEDefang mailing list