Comments on That grumpy BSD guy: Is SPF Simply Too Hard For Application Developers?
Blog author: Peter N. M. Hansteen (http://www.blogger.com/profile/12852746787621165833)
Feed updated: 2024-03-07T18:07:32.939+01:00

Anonymous (https://www.blogger.com/profile/16579789694817731493), 2016-10-27T22:12:48.733+02:00:

Well, mx.isp.as2116.net isn't Altinn's. It's Broadnet's (if you bother to check, AS2116 is Broadnet in RIPE). You'll also find it as smtp.bluecom.no for historical reasons.
So Altinn's contact form goes via Broadnet SMTP

Trond Endrestøl (http://ximalas.info/), 2016-10-25T11:16:09.573+02:00:

I too have experienced mail bounces due to SPF and abuses of my own email address in the from-address field. The fire department in Gjøvik, Norway is no exception. I never tried to make the fire department aware of this bug, as I figured my notice would never be forwarded to a competent person in the first place. As a taxpayer I would demand a refund.

Jim Fenton (https://altmode.org), 2016-10-22T08:17:55.635+02:00:

It is not SPF that is too hard, but mail that is too complex. Too often sending and receiving domains deploying SPF and DKIM don't consider the variety of paths email can take. These include mailing lists, recipient forwarding, and "mail this article to a friend" use cases. They apply harsh policies that cause some legitimate mail to fail.

Unfortunately, it does not seem like that was the case here, as the domain administrators knew of the problem but did not consider it important enough to fix.

Similar problems have arisen with DMARC, where domains have published "reject" policies that have interfered with their users participating on mailing lists. This occurred with Yahoo a couple of years ago: http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html

My opinion is that we need alternatives to email for some classes of messages, particularly transactional messages (from banks, etc.) that are widely phished. If we can agree on more suitable media for those messages, maybe we can start to unwind the pressure on the email system. We still need email, but we are asking too much of it.

Computer and Networking Lexington (http://cssi.us), 2016-10-21T15:54:54.316+02:00:

Very interesting read.

No, SPF is not too hard. If I'm understanding correctly, SPF is not the issue in this scenario. More of a side-effect. SPF is just doing exactly what it is supposed to do! The real question is "Are contact forms too hard for application developers". In this case, yes. :P

Peter N. M. Hansteen (https://www.blogger.com/profile/12852746787621165833), 2016-10-21T09:50:12.603+02:00:

My initial reply, which sounds significantly muted compared to my initial reaction, was (quoting):

"Det er verd å gjøre oppmerksom på at det er *deres* mailserver (mx.isp.as2116.net) som avviser meldingen.

Det enkleste er helt åpenbart at de som har ansvar for den serveren slår av SPF-sjekken. Da vil post sendt fra deres kontaktskjema komme gjennom, også for avsendere i domener som publiserer SPF.

At dette forholdet var kjent for dere fra før, gjør ikke saken noe bedre."

Translation:

"It's worth pointing out that it's *your* mailserver (mx.isp.as2116.net) that rejects the message.

The obviously simplest approach is to have those responsible for the server disable the SPF check. That way, mail sent from your contact form will make it through, including senders in domains that publish SPF.

The fact that you knew about this already, does not improve matters."

Not a correct approach in any shape, way or form, but at least it would have had messages from senders with correctly configured SPF records limp through.

The *correct* approach is in the article, initially formulated a few moments after I'd hit send on that reply.

Håkon Alstadheim (https://www.blogger.com/profile/02353605905677883363), 2016-10-21T09:26:58.389+02:00:

P.S: Thinking about this, I sort of wish you had replied something like: "This is not caused by broken SPF support, it is caused by you forging sender address on an e-mail, using MY address as sender."

Håkon Alstadheim (https://www.blogger.com/profile/02353605905677883363), 2016-10-21T09:21:41.600+02:00:

If SPF is too hard, whatever messaging tech replaces e-mail will surely be much easier to use correctly from a web-app -- NOT.
In other words: giving up and moving on to some other technology than e-mail is not a solution.
The only solution is that tool-kits and frame-works contain enough pointers to correct documentation to nudge developers towards correct usage. Won't happen overnight, but there is no other option.