Looking for a Microsoft person who can help w/ v6 and Office365 email
owens.bill at gmail.com
Wed Apr 22 18:06:56 CEST 2015
On Wed, Apr 22, 2015 at 11:40 AM, Frank Bulk <frnkblk at iname.com> wrote:
> Glad to hear that Microsoft did this on their O365 platform.
> Is there an RFC or other standard that we can point other email providers
to about implementing email admission in this manner?
guidelines, for whatever level of 'standard' that is:
They do a little handwaving around how to handle SPF records: "MAAWG
therefore recommends moving toward rejecting email that does not contain a
signature or that does not pass SPF checks..."
I am not an expert on SPF, though I've learned quite a bit while
and I think something between the Google standard of only allowing SPF to
influence spam scores and the Microsoft no-soup-for-you mode is probably
appropriate. If I were to sketch out a policy for my own server, it might
look like this:
missing or invalid SPF record -> increased spam score, moving to soft
fail or greylisting over time as fewer domains lack SPF
failed SPF check -> follow the SPF record (+?~-)
I'd also only check on the true ingress, when the email enters my domain
(not too hard since I only have one mail server). With a lot of logging to
detect issues without relying on the users to report bounces (admittedly
very hard on a big server, but Google at least may be doing some of that)
and a whitelist mechanism for domains like debian.org that use v6 mail but
refuse to add an SPF record.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ipv6-ops