[LEDE-DEV] Broken emails and SPF (Was: [PATCH] This patch adds support for the Actiontec R1000H gateway to the brcm63xx targets.)

Baptiste Jonglez baptiste at bitsofnetworks.org
Thu Feb 23 15:14:19 PST 2017


On Thu, Feb 23, 2017 at 09:48:10PM +0100, David Woodhouse wrote:
> On Thu, 2017-02-23 at 21:35 +0100, Rafał Miłecki wrote:
> > On 12 February 2017 at 14:48, Anthony Sepa via Lede-dev
> > <lede-dev at lists.infradead.org> wrote:
> > > 
> > > The sender domain has a DMARC Reject/Quarantine policy which disallows
> > > sending mailing list messages using the original "From" header.
> > > 
> > > To mitigate this problem, the original message has been wrapped
> > > automatically by the mailing list software.
> > You don't need this and I think you were already instructed on other
> > ML not to do so.
> > 
> > Just include proper From: as the first e-mail of your e-mail body.
> > Actually git format-patch can even do that for you.
> 
> He didn't do that bit. That's the stupid list configuration. Anthony's
> problem was that he was posting from a mail domain with stupid
> settings. The list's stupidity is a reaction to that.
> 
> Personally, I think we're better off just *rejecting* posts from people
> with such broken domains.

Well, it may be stupid, but not really "broken", because it's done
intentionally by Yahoo:

    $ dig +short yahoo.ca TXT
    "v=spf1 redirect=_spf.mail.yahoo.com"
    $ dig +short _spf.mail.yahoo.com TXT
    "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"
    $ dig +short _dmarc.yahoo.ca TXT
    "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_rua at yahoo.com;"

Long story short, Yahoo uses SPF to only allow yahoo mail servers to send
emails with a "From:" field in a @yahoo.whatever domain.
Google does the same thing for gmail, but they are just more permissive (for now?).

See also https://www.ietf.org/mail-archive/web/ietf/current/msg87153.html


David, you could configure the mailing list to avoid the annoying wrapping
of the original message, and just change the From field.  This may be less
confusing (but maybe this already got discussed elsewhere?)

Baptiste
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170224/e0619c4d/attachment-0001.sig>


More information about the Lede-dev mailing list