On Sun, 7 Jan 2024 13:43:38 -0500 (EST) "D. Hugh Redelmeier via talk" <talk@gtalug.org> wrote:
| From: D. Hugh Redelmeier via talk <talk@gtalug.org> | How to read this: | mx: | email sent by mimosa.com should only come from its servers | declared in MX DNS records
More accurately, this means that mail that says it is from mimosa.com is OK if it comes from one of the SMTP servers listend in MX records.
In other words, this test only marks good things. Then the "~all" says anything that isn't good is bad.
no, you have it the wrong way around. it is the reverse of that. the ~ means if it is not from your servers it is also okay. the - means ONLY from your severs. Your SPF "should" maybe say: mimosa.com. IN TXT "v=spf1 +a +mx +ip4:206.248.139.113 +ip4:98.158.128.23" or maybe just: mimosa.com. IN TXT "v=spf1 +mx -all" or even mimosa.com. IN TXT "v=spf1 +a +mx -all" (Your post did not include the "+" BEFORE the mx in the entry...) https://ascams.com/info/domain-anti-forgery/ https://www.rfc-editor.org/rfc/rfc7208.txt imnsho you can add dkim etc - but ALL Cyber Criminals have DKIM & DMARC in fact ALL SPAMMERS also have DKIM & DMARC so it is a fairly useless thing/loop to jump through and disables privacy and has more minusses than plusses for general society. anyway, ymmv Andre
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk