
Re: DMARC reports after emails sent to list



Hello Andrew,

Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> writes:

> Hi,
>
> On 14/10/19 9:42 pm, 황병희 wrote:
>> Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> writes:
>>> I have DMARC with DKIM and SPF setup for my domain name.
>> 
>> There was related discussion: it's very serious...
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754809
>
> Okay, well, I have p=quarantine for my setup, not p=reject, but that
> doesn't seem to be enough.
>
> I get reports from all over the place; the SPF failures may well be
> due to the list emails not having an SPF policy and I'm not going to
> give credentials to Debian to send emails as me from my server for the
> list as that would be a security risk that is too great.
>
> DMARC needs to work, not be broken at all; it is supposed to help with
> legitimate mail delivery, not hinder it.
>
> SPF should be checked properly as well and emails rejected when they
> don't comply with the domain name's specified "rules".  So many domain
> names have multiple SPF records (which results in permerror as you can
> only have one SPF record).  It's not as if SPF is new, it has been a
> thing for quite long enough to treat its rules appropriately.  It
> also annoys me when people use "~all" .... to me that simply means,
> "screw it, we don't really care or we don't have a clue how to make
> this work"; it should be "-all" only, unless you are in a testing
> phase and are not yet committed to using SPF properly.  Of course
> using "~all" will help when servers don't otherwise play ball
> correctly, but it's still very wrong to me.
>
> It might be better if real mail servers could freely register
> themselves as proper mail servers, they get a signed assertion to use
> from some shared authority, everyone should register and then the
> spammers and fraudsters should be left out in the cold.  It would be
> important that legitimate servers be able to fix problems easily
> without extorting funds from them to fix things.  If you run a mail
> server, your reputation is at stake, and your rep should count for
> something; if you abuse your assertion, then you should be subject to
> losing it.
>
> Sure, there will be errors with setups as humans are involved; those
> should be found and fixed, then properly observed.
>
> There is another level of problems when emails are forwarded on to the
> rotten mass public mail services; ordinary forwarding brings all sorts
> of other problems (forward as attachment mitigates these problems, but
> it is less easy unless manually done from client email program).
>
> I can blacklist bad IP address of mail servers that are found to be
> doing the wrong thing (just like RBLs do), but I can't block out a
> whole bunch of providers that allow their users to send spam through
> them, such as Microsoft, Google, Yahoo and even Apple and that's
> before even thinking about sendgrid, mandrill and other mass mailing
> services -- we can't easily stop rubbish from those servers without
> blocking good users who use those services.  It would be so much
> better if the big guys would shut up shop or otherwise crack down on
> bad users and stop the problems that require SPF, DMARC and the like.

Please, I'm sometimes using Amazon SES as outbound, so forgive me;
I'm not a spammer. Anyway, thanks for the long comments!!!

> Kind Regards
> AndrewM
>

Sincerely,

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//
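
An added example, not part of the original message or of either poster's code: a small Python check for the two SPF points raised in the quoted text above (more than one SPF record yielding permerror, and the qualifier on `all`). The function names and the sample TXT records are constructed for illustration.

```python
import re

def spf_records(txt_records):
    """Select the TXT strings that are SPF records (RFC 7208, section 4.5)."""
    return [t for t in txt_records
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]

def all_qualifier(record):
    """Return the qualifier on the 'all' mechanism, or None if there is none."""
    for term in record.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"  # a bare 'all' defaults to '+', i.e. pass
    return None

def lint_spf(txt_records):
    """Return (status, findings) for the TXT record set of one domain."""
    found = spf_records(txt_records)
    if not found:
        return "none", ["no SPF record published"]
    if len(found) > 1:
        # Receivers must treat this as permerror; no record is evaluated.
        return "permerror", [f"{len(found)} SPF records published; only one is allowed"]
    q = all_qualifier(found[0])
    if q is None and "redirect=" in found[0].lower():
        return "ok", ["policy delegated with redirect= (not followed here)"]
    findings = {
        "-": [],
        "~": ["'~all' is softfail: unlisted senders are marked, not failed"],
        "?": ["'?all' is neutral: the policy asserts nothing"],
        "+": ["'+all' authorises every sender"],
        None: ["no 'all' mechanism: unlisted senders get neutral"],
    }[q]
    return "ok", findings

# Constructed sample TXT record sets (example domains, documentation IP range).
SAMPLES = {
    "two-records.example": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.10 -all",
                            "site-verification=constructed"],
    "softfail.example": ["v=spf1 mx ~all"],
    "strict.example": ["v=spf1 mx a -all"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(domain, *lint_spf(txt))
```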

