Re: SPF check for moderation relay

Liste des GroupesRevenir à na technical 
Sujet : Re: SPF check for moderation relay
De : ahk (at) *nospam* chinet.com (Adam H. Kerman)
Groupes : news.admin.technical
Date : 10. Dec 2024, 21:12:41
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vja6t0$13p1a$1@dont-email.me>
References : 1 2 3
User-Agent : trn 4.0-test77 (Sep 1, 2010)
Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
On 10.12.2024 18:47 Uhr Ivo Gandolfo wrote:

However, given how the system works, there is no simple answer on how
to overcome all this.

Unless write a RFC specifically, the problem remains that even if a
new method were to be found, there are now old and/or unmaintained
systems around, which would still use the old way of sending emails.

If the moderation destination mailbox requires working SPF/DKIM, the
addresses need to be rewritten.

Please to gawd do not pursue this.

The encoding always should have been based on ENVELOPE FROM, never on
the From header in the mailing address. This misuse of the protocols has
screwed up mailing lists for years and never had anything to do with
identity protection. News to Mail gateways would be similarly affected.

Not having learned a lesson from how mailing lists were adversely
impacted, you would spread the pain to moderation? With moderation, it's
not possible to avoid use of a relay unless self approvals are used.

There is no identity on the From header to protect!

The usenet servers that send mail to my moderation relay (not
destination) often use their own domain as the envelope from. SPF
checking would be possible then.

Well, yes, but what are you trying to accomplish here? It's not the
identity of the author.

Usenet has been doing moderation in a somewhat useless manner forever.
The proto article probably should have been an attachment to have
something useful on Path. Instead, when the reader reads the approved
article on the server he reads from, the Path traces back to the
moderator's host and we lose the portion of the path that would have
traced back to the author.

If I'm concerned about the author's identity, I'd need to see Path back
to him.

Mail from my machine wasn't rejected yet.

Uh, good. No one along the relay path of a proto article or the approved
article injected back into Usenet should be checking SPF/DKIM at all.

If they are, then their implementation is broken.


--
Approved by robomod. For info contact the admin.
V1.0

Date Sujet#  Auteur
10 Dec 24 * SPF check for moderation relay10Marco Moock
10 Dec 24 +* Re: SPF check for moderation relay5Ivo Gandolfo
10 Dec 24 i`* Re: SPF check for moderation relay4Marco Moock
10 Dec 24 i +- Re: SPF check for moderation relay1John Levine
10 Dec 24 i `* Re: SPF check for moderation relay2Adam H. Kerman
11 Dec 24 i  `- Re: SPF check for moderation relay1Julien ÉLIE
10 Dec 24 `* Re: SPF check for moderation relay4Russ Allbery
10 Dec 24  `* Re: SPF check for moderation relay3Russ Allbery
10 Dec 24   +- Re: SPF check for moderation relay1Marco Moock
10 Dec 24   `- Re: SPF check for moderation relay1Ivo Gandolfo

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal