spf-discuss

Re: Current SPF accuracy figures from my mail spool

2003-12-17 11:39:42

Meng Weng Wong writes:
> On Tue, Dec 16, 2003 at 11:59:03PM -0800, Justin Mason wrote:
> | But in terms of SPF failures -- 2.2229% of my nonspam mail is failing the
> | SPF test.  That's 32% of all messages with an SPF record available. :(
> | 
> | As far as I can tell, this is because of mailing lists, including Yahoo!
> | groups and a couple of small-scale lists, and the .forward situation, all
> | of which are relaying a message and preserving the envelope from.
>
> That's a very interesting analysis, thanks for posting it.
> I thought yahoo groups sets their own sender domain.

Yes, it's surprising.  Not sure how it happened; it could have been
because it was from me to the list.

Ah -- wait -- I think it's a fetchmail dropping.  Yahoo! groups adds an
X-Sender header with the original env-from, then fetchmail must be reusing
that; in fact, there was an intervening step where the Y!G env-from was used,
but fetchmail doesn't keep that, instead reusing the wrong one.  Like so:

  1. originalsender -> listserver, using MAIL FROM: <originalsender>
  2. listserver adds X-Sender: originalsender
  3. listserver -> myserver, using MAIL FROM: <list-admin>
  4. myserver -> fetchmail
  5. fetchmail tries to infer envelope from, finds X-Sender from 2.
  6. fetchmail -> MTA, using MAIL FROM: <originalsender>
  7. MTA -> MDA, using Return-Path: <originalsender>

> Can you share the details of the small lists and .forwards?  Do the
> .forward accounts belong to you or does the forwarding happen earlier up
> the chain?
> We are probably an anomalous sample --- average users don't come within
> 3 degrees of a .forward file.

Yep -- as far as they know. ;)

For example, the .forward case was jmason /at/ users.sourceforge.net ; I
didn't realise that that system maintained envelope from.  It's maintained
via the web entirely, so an average user could have something similar.
I don't control the .forward file (or alias entry or equivalent).

The lists were two private, small-scale lists.   Both are private,
so I can't detail them here ;)  I think one is just a sendmail alias,
and the other is...

ah, hold on, it's that X-Sender fetchmail issue again.  The list software
adds the original envfrom before rewriting, then, as above, fetchmail uses
that instead of the more recent one :(

I think I'll have to fix SpamAssassin to not try to infer envelope-from
for SPF checking for any message that contains an X-Sender header.  argh.

--j.
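
The seven-step header sequence in the message above, as an added example that is not part of the original post and is not fetchmail or SpamAssassin code: it shows an SPF check failing when the envelope sender is recovered from headers after relaying, and the proposed guard of skipping inference when X-Sender is present. All domains, addresses, the policy table and the function names are constructed for illustration.

```python
import ipaddress
from email import message_from_string

# Constructed SPF policies (domain -> permitted networks); stands in for DNS.
SPF = {
    "sender.example": ["192.0.2.0/24"],
    "lists.example": ["198.51.100.0/24"],
}

# Constructed message as seen after step 7: Return-Path holds the address
# re-injected from X-Sender, not the list server's MAIL FROM from step 3.
RAW = """\
Return-Path: <alice@sender.example>
X-Sender: alice@sender.example
From: alice@sender.example
Subject: test

body
"""

LIST_IP = "198.51.100.7"  # constructed: the list server that relayed in step 3

def spf_check(env_from, client_ip):
    """Toy SPF: pass/fail by network membership, 'none' if no policy."""
    nets = SPF.get(env_from.rsplit("@", 1)[-1].lower())
    if nets is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"

def infer_env_from(msg, skip_if_x_sender):
    """Recover envelope-from from headers; optionally refuse if X-Sender exists."""
    if skip_if_x_sender and msg["X-Sender"] is not None:
        return None  # the header-derived sender may predate the list rewrite
    rp = msg["Return-Path"]
    return rp.strip().strip("<>") if rp else None

def check_message(raw, client_ip, skip_if_x_sender):
    env = infer_env_from(message_from_string(raw), skip_if_x_sender)
    return "skipped" if env is None else spf_check(env, client_ip)

if __name__ == "__main__":
    print("true envelope  :", spf_check("list-admin@lists.example", LIST_IP))
    print("naive inference:", check_message(RAW, LIST_IP, False))
    print("with guard     :", check_message(RAW, LIST_IP, True))
```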

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt