[opendmarc-users] SPF Whitelisting

Marek Greško marek.gresko at protonmail.com
Sun Feb 20 06:11:06 PST 2022


Hello,

this is what I am talking about. If I were able to skip the SPF check for the backup MX, there would be no requirement for the backup MX to implement DKIM/DMARC. Control of the backup MX is not something that is feasible for me. It is a pity it could not be achieved.

Marek



------- Original Message -------

On Sunday, February 20th, 2022 at 11:45, A. Schulze <sca at andreasschulze.de> wrote:

> On 19.02.22 at 22:34, A. Schulze wrote:
>
> > On 19.02.22 at 20:00, Marek Greško wrote:
> >
> > > I would need some advice on SPF whitelisting. The situation is that I use backup mx host which is out of my control and I cannot believe it is checking DKIM/DMARC by itself and I need to check it on the primary mx host. So I want to whitelist the backup mx's IP address to stop SPF failing when receiving messages through it to my primary mx host. But I do not want to use IgnoreHosts option since it will stop DKIM checking for messages received through the backup mx host.
> > >
> > > Currently I overcome the problem by using smf-spf milter before opendkim and opendmarc to include spf checking header and let the opendmarc believe the header. But I would like to find the solution without using the smf-spf milter.
> >
> > Hello Marek,
> >
> > I'm not aware skipping SPF checks only is possible with opendmarc.
>
> Hi again,
>
> For what reasons do you think disabling SPF validation helps to solve your problem?
>
> SPF/DKIM/DMARC validation I would implement at (/on?) an MX server. In case of a backup MX scenario, it should be done there.
>
> It's much harder to enforce any kind of policy if a backup MX isn't under your control.
>
> > Andreas
>


