Käyttäjän työkalut

Sivuston työkalut


faq:dmarc_spf_considered_harmful

Erot

Tämä näyttää erot valitun ja nykyisen version kesken tästä sivusta.

Linkki vertailunäkymään

faq:dmarc_spf_considered_harmful [2018-07-26 09:36]
haa [For domain administrators (sending side)]
faq:dmarc_spf_considered_harmful [2018-12-12 00:09] (nykyinen)
petri.koistinen DKIM on OK.
Rivi 1: Rivi 1:
 ====== DMARC and SPF considered harmful ====== ====== DMARC and SPF considered harmful ======
 +
 +This page is also visible at http://​www.spfconsideredharmful.org ​
  
 DMARC and SPF break many long-time common email usage patterns like forwarding and mailing lists. ​ DMARC and SPF break many long-time common email usage patterns like forwarding and mailing lists. ​
Rivi 16: Rivi 18:
   * SPF is trying to protect your service against spoofing attacks, i.e., someone claiming to be you and sending emails on your name.   * SPF is trying to protect your service against spoofing attacks, i.e., someone claiming to be you and sending emails on your name.
   * SPF does not protect you against [[https://​en.wikipedia.org/​wiki/​Internationalized_domain_name#​ASCII_spoofing_concerns|internationalized domain name]] look-alike domain phishing or spam   * SPF does not protect you against [[https://​en.wikipedia.org/​wiki/​Internationalized_domain_name#​ASCII_spoofing_concerns|internationalized domain name]] look-alike domain phishing or spam
 +
 +===== Many internet users forward their emails =====
 +
 +Surprisingly many internet users forward their emails, for example
 +  * to read all their email from a single mailbox,
 +  * forward email from old address to current mailbox address,
 +  * temporarily forward emails to their mobile address while traveling, or 
 +  * use an email forwarding service as their permanent personal address (e.g. university alumni addresses such as alumni.mit.edu,​ professional organisations such as acm.org or ieee.org, iki.fi, and many others).
 +
 +Using the power of email like this is more common for experienced users, thought leaders and high value contacts and customers making it important that you consider the reliability of your email reaching the recipients.
 +
 ===== "​Fixes"​ that break things ===== ===== "​Fixes"​ that break things =====
  
Rivi 37: Rivi 50:
  
 Especially if you use the strict ''​-all''​ setting, you will experience your own real emails not being delivered to many recipients, as the email arrives via the forwarding email server(s) instead of the original server and thus may not pass a SPF ''​-all''​ check at the final recipient mailbox. ​ Especially if you use the strict ''​-all''​ setting, you will experience your own real emails not being delivered to many recipients, as the email arrives via the forwarding email server(s) instead of the original server and thus may not pass a SPF ''​-all''​ check at the final recipient mailbox. ​
- 
-Surprisingly many internet users forward their emails, for example 
-  * to read all their email from a single mailbox, 
-  * forward email from old address to current mailbox address, 
-  * temporarily forward emails to their mobile address while traveling, or  
-  * use an email forwarding service as their permanent personal address (e.g. university alumni addresses, ACM.org, iki.fi, and many others). 
  
 The SPF people have a clunky proposed workaround (envelope address rewriting) for some of these issues, but expecting //everyone else on the internet to change to accommodate me// will not happen, so **you should use at most the ''​~all''​ setting with SPF for your own domain** (SPF ''​~all''​ means SoftFail, i.e. //accept but mark// instead of reject). The SPF people have a clunky proposed workaround (envelope address rewriting) for some of these issues, but expecting //everyone else on the internet to change to accommodate me// will not happen, so **you should use at most the ''​~all''​ setting with SPF for your own domain** (SPF ''​~all''​ means SoftFail, i.e. //accept but mark// instead of reject).
Rivi 69: Rivi 76:
 More information around the internet: More information around the internet:
   * http://​david.woodhou.se/​why-not-spf.html (slightly old)   * http://​david.woodhou.se/​why-not-spf.html (slightly old)
-  * https://​www.zdnet.com/​article/​dkim-useless-or-just-disappointing/​ 
faq/dmarc_spf_considered_harmful.txt · Viimeksi muutettu: 2018-12-12 00:09 / petri.koistinen