Timeline for Standard form of email signature
Current License: CC BY-SA 4.0
11 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 7, 2021 at 8:14 | history | edited | CommunityBot | replaced https://tools.ietf.org/html/rfc with https://www.rfc-editor.org/rfc/rfc | |
| Jun 25, 2021 at 22:16 | history | edited | Adam Katz | CC BY-SA 4.0 | better clarity on DMARC requring DKIM *or* SPF, thus a need to ensure SPF never passes |
| May 22, 2021 at 18:27 | comment | added | Adam Katz | Microsoft's stance at least allows downstream filters to block. Other systems out there just ignore it. A part of this is that even with the reporting mechanism in DMARC, there's still a lot of over-aggressive p=reject going on and people are too FP-adverse. That may change as BEC and phish get more prominent. | |
| May 21, 2021 at 19:13 | comment | added | Esa Jokinen | That's unfortunate, and might be the destiny of DMARC, too, because e.g. Microsoft doesn't handle p=reject policies properly. | |
| May 21, 2021 at 17:45 | comment | added | Adam Katz | @EsaJokinen – I'm in anti-spam professionally and can tell you that SPF was designed for that concept but was not successful. Nobody SMTP-rejects on SPF failures. For public data, here are the latest SpamAssassin net test results for SPF_FAIL, which show it hitting 2.1168% of the ham corpus. It's a fair spam signal, but not strong enough to independently convict a message. | |
| May 21, 2021 at 17:39 | comment | added | Esa Jokinen | If SPF is set to -all, that's certainly a justified reason for a connection-stage rejection. | |
| May 21, 2021 at 15:02 | comment | added | Adam Katz | Oops, I meant to say v=spf1 ?all (now corrected), but no email system should be set up to deny delivery upon SPF failure. (SPF adoption has never had high enough efficacy to justify that.) | |
| May 21, 2021 at 15:01 | history | edited | Adam Katz | CC BY-SA 4.0 | spf should be `?all` |
| May 21, 2021 at 5:07 | comment | added | Esa Jokinen | Please notice that if you use SPF policy v=spf1 -all for the domain, you would have to use some other hostname as the envelope sender; otherwise the delivery fails. | |
| May 20, 2021 at 0:25 | vote | accept | Desmond Rhodes | ||
| May 18, 2021 at 17:07 | history | answered | Adam Katz | CC BY-SA 4.0 |