X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f
X-Recipient: geda-user AT delorie DOT com
Date: Tue, 12 May 2015 00:17:06 +0200
From: Bernd Walter <ticso AT cicely7 DOT cicely DOT de>
To: gEDA user list <geda-user AT delorie DOT com>
Subject: Re: [geda-user] pcb crashing on startup
Message-ID: <20150511221706.GK71214@cicely7.cicely.de>
References: <1431370095 DOT 2428 DOT 2 DOT camel AT fussbudget> <20150511191630 DOT 30542 DOT qmail AT stuge DOT se> <20150511194214 DOT 32722 DOT qmail AT stuge DOT se> <20150511205443 DOT GJ71214 AT cicely7 DOT cicely DOT de> <20150511214442 DOT 9526 DOT qmail AT stuge DOT se>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150511214442.9526.qmail@stuge.se>
X-Operating-System: FreeBSD cicely7.cicely.de 7.0-STABLE i386
User-Agent: Mutt/1.5.11
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED=-1,BAYES_00=-1.9,T_RP_MATCHES_RCVD=-0.01 autolearn=ham version=3.3.0
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on spamd.cicely.de
Reply-To: geda-user AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: geda-user AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk

On Mon, May 11, 2015 at 11:44:42PM +0200, Peter Stuge (peter AT stuge DOT se) wrote:
> Bernd Walter wrote:
> > > Peter Stuge (peter AT stuge DOT se) wrote:
> > > 
> > > I do not use DMARC for my domain; I got the impression that you already
> > > moved to mangling only those sender addresses which require it?
> > 
> > But you have an SPF record.
> 
> So? My SPF record is only used by the receiver (delorie.com) of my
> email in the SMTP dialogue, to verify that the envelope sender of my
> message (me) is allowed to send from my server. SPF matches and
> delorie.com accepts the message. All good.
> 
> When delorie.com sends my email out to subscribers then the envelope
> sender is no longer me (look at Return-Path in the headers) so my SPF
> record must not matter, right?

Exactly.
That's the problem point with DMARC/SPF and traditional SPF, that you
can't forward a mail without rewriting the sender address.
Since this is a sender based policy it is a pain in the a.. for every
sane use of traditional forwarding.
SPF always had been a broken design in my opinion.
If it had been my choice I wouldn't even have hacked the list, because when
the sender domain owner declares that the mail isn't to be forwared in
any way, then users of that domain shouldn't get that service.
Unfortunately too many users these days rely on such broken configuration,
so that it would leave many users behind.
Those DMARC people should have let SPF RIP.

DMARC/DKIM is better, because the sender mailserver signs the message,
which stays valid when transfered through a another server.
It only forces the sender to use a specific mailserver, but is transparent
for forwarding.

-- 
B.Walter <bernd AT bwct DOT de> http://www.bwct.de
Modbus/TCP Ethernet I/O Baugruppen, ARM basierte FreeBSD Rechner uvm.