broken ISP in china

[Vernon Schryver]

> I see no problem with your SPF IP records though so long as you dont try
> use ns1. Ignoring most of Vernons anti SPF rhetoric, which  BTW this
> list is NOT the place for  (go cry a river on mailop list), he is
> correct that you shouldn't really be using PTR, or A for that mater,
> just have your ip4: and ip6: ranges, and perhaps "mx" and along with
> "-all"  you'll be fine, I have no problems with SPF and lists and have
> been using it since very early days,

Instead of swallowing the SPF liturgy without chewing, use it and
what anyone (including me) says as ideas for your own observations
and tests.  Follow the DMARC instructions on http://www.dmarc.org/
and get the DMARC reports telling you that your SPF -all prevents
the delivery of some of your mail to this mailing list.

Then get Gmail and Hotmail mailboxes, configure Hotmail to forward
to Gmail and send to Hotmail.  You will see in your DMARC reports
from Google that your SPF -all causes your message to disappear in
a blackhole between Gmail and Hotmail.

See also http://www.openspf.org/FAQ/Forwarding and note that neither
Hotmail forwarding to Gmail nor many mailing lists including this
list rewrite the sender addresses.  That has generally been considered
a wrong thing to do since long before pobox.com existed.

Finally, look at the SPF records for AOL, Google, Yahoo, and Microsoft,
and ask yourself whether those organizations don't care about SMTP
forgery or don't believe SPF is an answer.  If they believed, wouldn't
they use SPF -all?

>                         I have no problems with SPF and lists and have
> been using it since very early days,

Maybe it was easier to ignore reality before DMARC.  On the other
hand, http://www.openspf.org/FAQ/Forwarding is unambigous about
the interaction of -all with mailing lists such as this.


Vernon Schryver    vjs at rhyolite.com