Looking for a Microsoft person who can help w/ v6 and Office365 email
Bill Owens
owens.bill at gmail.com
Wed Apr 22 18:06:56 CEST 2015
On Wed, Apr 22, 2015 at 11:40 AM, Frank Bulk <frnkblk at iname.com> wrote:
>
> Glad to hear that Microsoft did this on their O365 platform.
>
>
>
> Is there an RFC or other standard that we can point other email providers
to about implementing email admission in this manner?
MAAWG
has
guidelines, for whatever level of 'standard' that is:
https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Inbound_IPv6_Policy_Issues-2014-09.pdf
They do a little handwaving around how to handle SPF records: "MAAWG
therefore recommends moving toward rejecting email that does not contain a
valid DKIM
signature or that does not pass SPF checks..."
I am not an expert on SPF, though I've learned quite a bit while
troubleshooting this
and I think something between the Google standard of only allowing SPF to
influence spam scores and the Microsoft no-soup-for-you mode is probably
appropriate. If I were to sketch out a policy for my own server, it might
look like this:
missing or invalid SPF record -> increased spam score, moving to soft
fail or greylisting over time as fewer domains lack SPF
failed SPF check -> follow the SPF record (+?~-)
I'd also only check on the true ingress, when the email enters my domain
(not too hard since I only have one mail server). With a lot of logging to
detect issues without relying on the users to report bounces (admittedly
very hard on a big server, but Google at least may be doing some of that)
and a whitelist mechanism for domains like debian.org that use v6 mail but
refuse to add an SPF record.
Bill.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20150422/1c86e32c/attachment.html
More information about the ipv6-ops
mailing list