Path: ...!weretis.net!feeder8.news.weretis.net!newsfeed.bofh.team!news.bofh.team!robomod!not-for-mail
X-NAT-Policy: http://www.bofh.team/usenet/nat/index.html
X-NAT-Info-1: Send submissions to             nat@newsfeed.bofh.team
X-NAT-Info-2: Send technical complaints to    nat-admin@newsfeed.bofh.team
X-NAT-Info-3: Send complaints about policy to nat-board@newsfeed.bofh.team
X-Comment: moderators do not necessarily agree or disagree with this article.
X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), patched by Ivo Gandolfo
X-Moderation-1: If you have any question contact the admin at nat-admin@newsfeed.bofh.team
X-Moderation-2: See http://www.bofh.team/ for future info
Date: Tue, 10 Dec 2024 19:33:15 +0000
X-Original-To: news-admin-technical@newsfeed.bofh.team
Delivered-To: news-admin-technical@newsfeed.bofh.team
From: Russ Allbery <eagle@eyrie.org>
Newsgroups: news.admin.technical
Subject: Re: SPF check for moderation relay
Organization: The Eyrie
Message-ID: <871pyfs5tl.fsf@hope.eyrie.org>
References: <20241209211624.6f343b6a@ryz.dorfdsl.de>
MIME-Version: 1.0
Content-Type: text/plain
User-Agent: Gnus/5.13 (Gnus v5.13)
Cancel-Lock: sha1:eAxTvUVz27nvLtTFXztN6jOHnb0=
Approved: News Admin Technical <nat-admin@newsfeed.bofh.team>
Bytes: 3168
Lines: 36

Marco Moock <mm+usenet-es@dorfdsl.de> writes:

> Is there any standard or policy that requires usenet servers to use
> their own domain in env from for moderation mails?

There will be absolutely no relationship whatsoever between the From
header of moderation submissions and the domain from which you receive
them.  Often the From header will be completely invalid, and it's very
common (probably the 99% case these days) for the email address of the
poster, even if valid, to have nothing whatsoever to do with the news
server they use.

Even if you look only at the envelope sender, there will be no real
relationship, since moderation submissions generally go through relay
servers that do not do any of the transformations required by modern email
spam prevention standards, and news servers may or may not use a valid
address as an envelope sender when sending moderation submissions.

At present, there's basically no useful type of address-based spam
filtering that can be done with moderation submissions via email.  One
pretty much has to turn off spam filtering (except maybe content analysis)
if one is in the email path for moderation submissions.  I expect this to
make Usenet moderation increasingly untenable in the future, but fixing it
will require a fairly significant revision to the Usenet standards and the
implementation of the relays, which are running on an iffy volunteer basis
already.  (And, if that revision involves switching to encapsulating
submissions, which would be the technically correct way to handle the
various incompatibilities between netnews articles and email, it would
require changes to all the moderation software as well.)

-- 
Russ Allbery (eagle@eyrie.org)             <https://www.eyrie.org/~eagle/>


-- 
Approved by robomod. For info contact the admin.
V1.0