Testing updated SPF record

ಚಿರಾಗ್ ನಟರಾಜ್ mailinglist at chiraag.me
Sat Nov 28 13:41:09 UTC 2020


28/11/20 12:06 ನಲ್ಲಿ, Ming <ming at pgp.cool> ಬರೆದರು:
> On Sat, Nov 28, 2020 at 03:04:16AM +0000, ಚಿರಾಗ್ ನಟರಾಜ್ wrote:
> > 28/11/20 10:33 ನಲ್ಲಿ, Ming <ming at pgp.cool> ಬರೆದರು:
> > > On Fri, Nov 27, 2020 at 01:26:06PM +0000, ಚಿರಾಗ್ ನಟರಾಜ್ wrote:
> > > > Testing updated record :P
> > > > 
> > > > By the way, if anyone has a better way of testing whether an SPF record is working correctly, please let me know! I don't really want to spam the list with these kinds of emails unless I have to, although I *think* this should work.
> > > > 
> > > > 26/11/20 18:14 ನಲ್ಲಿ, ಚಿರಾಗ್ ನಟರಾಜ್ <mailinglist at chiraag.me> ಬರೆದರು:
> > > > > Please ignore. I'm trying to see whether I get tons of DMARC reports after I updated my SPF record on my domain.
> > > 
> > > You can use some free online tools, like:
> > > http://www.mail-tester.com/
> > > https://dkimvalidator.com/
> > > 
> > > They all include detection of SPF records.
> > 
> > Yes, I can see what the records are using a variety of methods (including those sites). However, it's hard for me to tell if sending emails to this list will trigger DMARC records due to SPF, and those sites don't help with that. Regardless, I *think* this should be fixed after editing my SPF record.
> 
> In fact, I think the DMARC problem is unsolvable.
> 
> I am running a mail server of my own. In the DMARC report I received,
> all the detections of SPF records form the mail forwarded through
> mailing list were fail (some dkim records also fail, like
> lists.claws-mail.org, it will modify your email subject).
> 
> This is an obvious problem. As a forwarder, the mailing list is
> "pretending" to be us sending emails (The From field in the mail forwarded
> through the mailing list is still us). Add ip address of the
> mailing list to your SPF record may solve the problem, but I don’t think
> you can add the ip addresses of all mailing lists. Unless you can
> guarantee that you will not join new mailing lists, you have to modify
> the SPF records frequently.

I tried using include:mutt.org in my SPF record so that the mailing list's SPF would be included. I'm not sure if it worked though.

> 
> If you just don’t want to receive tons of DMARC reports, I don’t think 
> you should set the rua item in your DMARC records. "rua" is used for 
> aggregate feedback, even if your spf and dkim are both pass in auth 
> results, they will still send a DMARC reports to you(at least for gmail).

Ahhh, I misunderstood how the DMARC record works. I want to get aggregate reports to see when things fail (since very few servers actually send out forensic reports right now), so I'll have to leave rua on and just deal with the DMARC reports.

Since there's no way to quell the aggregate reports (since, as you said, they send them out regardless), I'll leave those on to make sure my email is passing and then probably disable the rua parameter. This is the first time I'm extensively using my custom domain in the "Real World"™, so I want to be sure everything works as expected. Thanks for the clarification!

Sincerely,

Chiraag

-- 
ಚಿರಾಗ್ ನಟರಾಜ್
Pronouns: he/him/his
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - mailinglist at chiraag.me - b0c8d720.asc
Type: application/pgp-keys
Size: 659 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20201128/01dda2db/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 233 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20201128/01dda2db/attachment.asc>


More information about the Mutt-users mailing list