You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2016/05/20 17:03:20 UTC

Whitelisting and Expedia/Orbitz

Hi,

Is it necessary to use the Envelope-From address when whitelisting
with whitelist_from_spf? The docs are unclear as to whether I can just
use the regular From address, which would be easier for me.

Apparently using the regular From address appears to not be
considered, however. Perhaps I should just use DKIM.

whitelist_from_spf Expedia@th.expediamail.com
vs
X-Envelope-From:
        <32...@mg.expediamail.com>

or *@mg.expediamail.com

I've added a few rules that score bulk mail higher, but this is one
that needs to go through. My thinking is that I'll score much of the
regular junk higher, then whiltelist with SPF the ones that need to go
through (a la David B Funk approach).

Thanks,
Alex

Re: Whitelisting and Expedia/Orbitz

Posted by Benny Pedersen <me...@junc.eu>.

On 2016-05-20 19:03, Alex wrote:

> Is it necessary to use the Envelope-From address when whitelisting
> with whitelist_from_spf? The docs are unclear as to whether I can just
> use the regular From address, which would be easier for me.

use opendkim for this test, and if you have Sender-ID on your own domain 
remove it

> Apparently using the regular From address appears to not be
> considered, however. Perhaps I should just use DKIM.

yes use dkim

> whitelist_from_spf Expedia@th.expediamail.com
> vs X-Envelope-From:

postfix use Return-Path header, did you tell spamassassin that ?

> <32...@mg.expediamail.com>
> or *@mg.expediamail.com

irelevant for dkim and spf

> I've added a few rules that score bulk mail higher, but this is one
> that needs to go through. My thinking is that I'll score much of the
> regular junk higher, then whiltelist with SPF the ones that need to go
> through (a la David B Funk approach).

this is unrelated to dkim/spf/dmarc

Re: Whitelisting and Expedia/Orbitz

Posted by Bill Cole <sa...@billmail.scconsult.com>.

On 20 May 2016, at 13:03, Alex wrote:

> Hi,
>
> Is it necessary to use the Envelope-From address when whitelisting
> with whitelist_from_spf?

SPF is specified to apply to the domain in the SMTP envelope sender and 
secondarily, the HELO domain.

It is not rational to expect that a SPF record for the domain of a From 
header which differs from the domain of the envelope sender address to 
be accurate for that message.

> The docs are unclear as to whether I can just
> use the regular From address, which would be easier for me.
>
> Apparently using the regular From address appears to not be
> considered, however. Perhaps I should just use DKIM.

If you want to authenticate From headers, DKIM is the most useful 
approach.

Note that because From headers are not intrinsically related to the 
transport of mail, there must be something like DKIM added on to bind 
them.

Re: Whitelisting and Expedia/Orbitz

Posted by Reindl Harald <h....@thelounge.net>.


Am 21.05.2016 um 19:13 schrieb Matus UHLAR - fantomas:
>> Am 21.05.2016 um 06:04 schrieb Nick Edwards:
>>> clueless newbie troll
>>> microsofts own attempt at SPF did allow checking in "from"
>
> On 21.05.16 12:47, Reindl Harald wrote:
>> ididot SPF is defined by the IETF and not by microsoft
>>
>> https://en.wikipedia.org/wiki/Sender_ID !=
>> https://en.wikipedia.org/wiki/Sender_Policy_Framework
>
> this changes nothing on the fact that Microsoft tried to redefine SPF usage
> to match header addresses (by default).

what microsoft tried years ago don't matter

> you apparently missed this, please stop calling people who didn't idiots

i will call anybody which steps in unasked with "newbie troll" as idiot 
at any point of time on every place especially if the one is called Nick 
Edwards

Re: Whitelisting and Expedia/Orbitz

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

>Am 21.05.2016 um 06:04 schrieb Nick Edwards:
>>clueless newbie troll
>>microsofts own attempt at SPF did allow checking in "from"

On 21.05.16 12:47, Reindl Harald wrote:
>ididot SPF is defined by the IETF and not by microsoft
>
>https://en.wikipedia.org/wiki/Sender_ID != 
>https://en.wikipedia.org/wiki/Sender_Policy_Framework

this changes nothing on the fact that Microsoft tried to redefine SPF usage
to match header addresses (by default).

you apparently missed this, please stop calling people who didn't idiots.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.

Re: Whitelisting and Expedia/Orbitz

Posted by Reindl Harald <h....@thelounge.net>.


Am 21.05.2016 um 06:04 schrieb Nick Edwards:
> clueless newbie troll
> microsofts own attempt at SPF did allow checking in "from"

ididot SPF is defined by the IETF and not by microsoft

https://en.wikipedia.org/wiki/Sender_ID != 
https://en.wikipedia.org/wiki/Sender_Policy_Framework

> On Sat, May 21, 2016 at 2:50 AM, Reindl Harald <h.reindl@thelounge.net
> <ma...@thelounge.net>> wrote:
>
>     Am 20.05.2016 um 19:25 schrieb Vincent Fox:
>
>         SPF is only about envelopes?
>
>
>     yes
>
>         Unless you are Microsoft, who check against the From in the header.
>
>
>     nonsense
>
>     you likely confuse DMARC with SPF
>
>
>         ________________________________________
>         From: Reindl Harald <h.reindl@thelounge.net
>         <ma...@thelounge.net>>
>         Sent: Friday, May 20, 2016 10:23:45 AM
>         To: users@spamassassin.apache.org
>         <ma...@spamassassin.apache.org>
>         Subject: Re: Whitelisting and Expedia/Orbitz
>
>         Am 20.05.2016 um 19:03 schrieb Alex:
>
>             Is it necessary to use the Envelope-From address when
>             whitelisting
>             with whitelist_from_spf? The docs are unclear as to whether
>             I can just
>             use the regular From address, which would be easier for me
>
>
>         SPF is by definition only about envelopes
>         however, just use whitelist_auth -> RTFM

Re: Whitelisting and Expedia/Orbitz

Posted by Nick Edwards <ni...@gmail.com>.

clueless newbie troll
microsofts own attempt at SPF did allow checking in "from"


On Sat, May 21, 2016 at 2:50 AM, Reindl Harald <h....@thelounge.net>
wrote:

>
>
> Am 20.05.2016 um 19:25 schrieb Vincent Fox:
>
>> SPF is only about envelopes?
>>
>
> yes
>
> Unless you are Microsoft, who check against the From in the header.
>>
>
> nonsense
>
> you likely confuse DMARC with SPF
>
>
> ________________________________________
>> From: Reindl Harald <h....@thelounge.net>
>> Sent: Friday, May 20, 2016 10:23:45 AM
>> To: users@spamassassin.apache.org
>> Subject: Re: Whitelisting and Expedia/Orbitz
>>
>> Am 20.05.2016 um 19:03 schrieb Alex:
>>
>>> Is it necessary to use the Envelope-From address when whitelisting
>>> with whitelist_from_spf? The docs are unclear as to whether I can just
>>> use the regular From address, which would be easier for me
>>>
>>
>> SPF is by definition only about envelopes
>> however, just use whitelist_auth -> RTFM
>>
>
>

Re: Whitelisting and Expedia/Orbitz

Posted by Reindl Harald <h....@thelounge.net>.


Am 20.05.2016 um 19:25 schrieb Vincent Fox:
> SPF is only about envelopes?

yes

> Unless you are Microsoft, who check against the From in the header.

nonsense

you likely confuse DMARC with SPF

> ________________________________________
> From: Reindl Harald <h....@thelounge.net>
> Sent: Friday, May 20, 2016 10:23:45 AM
> To: users@spamassassin.apache.org
> Subject: Re: Whitelisting and Expedia/Orbitz
>
> Am 20.05.2016 um 19:03 schrieb Alex:
>> Is it necessary to use the Envelope-From address when whitelisting
>> with whitelist_from_spf? The docs are unclear as to whether I can just
>> use the regular From address, which would be easier for me
>
> SPF is by definition only about envelopes
> however, just use whitelist_auth -> RTFM

Re: Whitelisting and Expedia/Orbitz

Posted by Benny Pedersen <me...@junc.eu>.

Sender-ID is not SPF


On 20. maj 2016 19.28.11 Vincent Fox <vb...@ucdavis.edu> wrote:

> SPF is only about envelopes?
>
> Unless you are Microsoft, who check against the From in the header.
>
> ________________________________________
> From: Reindl Harald <h....@thelounge.net>
> Sent: Friday, May 20, 2016 10:23:45 AM
> To: users@spamassassin.apache.org
> Subject: Re: Whitelisting and Expedia/Orbitz
>
> Am 20.05.2016 um 19:03 schrieb Alex:
>> Is it necessary to use the Envelope-From address when whitelisting
>> with whitelist_from_spf? The docs are unclear as to whether I can just
>> use the regular From address, which would be easier for me
>
> SPF is by definition only about envelopes
> however, just use whitelist_auth -> RTFM

Re: Whitelisting and Expedia/Orbitz

Posted by Vincent Fox <vb...@ucdavis.edu>.

SPF is only about envelopes?

Unless you are Microsoft, who check against the From in the header.

________________________________________
From: Reindl Harald <h....@thelounge.net>
Sent: Friday, May 20, 2016 10:23:45 AM
To: users@spamassassin.apache.org
Subject: Re: Whitelisting and Expedia/Orbitz

Am 20.05.2016 um 19:03 schrieb Alex:
> Is it necessary to use the Envelope-From address when whitelisting
> with whitelist_from_spf? The docs are unclear as to whether I can just
> use the regular From address, which would be easier for me

SPF is by definition only about envelopes
however, just use whitelist_auth -> RTFM

Re: Whitelisting and Expedia/Orbitz

Posted by Reindl Harald <h....@thelounge.net>.


Am 20.05.2016 um 19:03 schrieb Alex:
> Is it necessary to use the Envelope-From address when whitelisting
> with whitelist_from_spf? The docs are unclear as to whether I can just
> use the regular From address, which would be easier for me

SPF is by definition only about envelopes
however, just use whitelist_auth -> RTFM