From: "Adam H. Kerman"
Newsgroups: news.admin.technical
Subject: Re: SPF check for moderation relay
Date: Tue, 10 Dec 2024 20:12:41 +0000
Organization: A noiseless patient Spider
References: <20241209211624.6f343b6a@ryz.dorfdsl.de> <20241210201043.4251a243@ryz.dorfdsl.de>

Marco Moock wrote:
>On 10.12.2024 18:47 Uhr Ivo Gandolfo wrote:

>>However, given how the system works, there is no simple answer on how
>>to overcome all this.
>>Unless write a RFC specifically, the problem remains that even if a
>>new method were to be found, there are now old and/or unmaintained
>>systems around, which would still use the old way of sending emails.

>If the moderation destination mailbox requires working SPF/DKIM, the
>addresses need to be rewritten.

Please to gawd do not pursue this. The encoding always should have been
based on ENVELOPE FROM, never on the From header in the mailing address.
This misuse of the protocols has screwed up mailing lists for years and
never had anything to do with identity protection. News to Mail gateways
would be similarly affected.

Not having learned a lesson from how mailing lists were adversely
impacted, you would spread the pain to moderation? With moderation, it's
not possible to avoid use of a relay unless self approvals are used.

There is no identity on the From header to protect!

>The usenet servers that send mail to my moderation relay (not
>destination) often use their own domain as the envelope from. SPF
>checking would be possible then.

Well, yes, but what are you trying to accomplish here? It's not the
identity of the author.

Usenet has been doing moderation in a somewhat useless manner forever.
The proto article probably should have been an attachment to have
something useful on Path. Instead, when the reader reads the approved
article on the server he reads from, the Path traces back to the
moderator's host and we lose the portion of the path that would have
traced back to the author. If I'm concerned about the author's identity,
I'd need to see Path back to him.

>Mail from my machine wasn't rejected yet.

Uh, good. No one along the relay path of a proto article or the approved
article injected back into Usenet should be checking SPF/DKIM at all. If
they are, then their implementation is broken.

-- 
Approved by robomod. For info contact the admin. V1.0
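The following is an added illustration, not part of the post or the thread: it evaluates SPF for a relayed proto-article once against the envelope sender and once against the header From domain, the two cases the thread contrasts. The domains, addresses, SPF records and the helper names `spf_check` and `evaluate` are all constructed for the example; only the `ip4`, `ip6` and `all` mechanisms are handled, and alignment is an exact domain match.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF records standing in for DNS TXT lookups (example domains only).
SPF_RECORDS = {
    "news.example.net": "v=spf1 ip4:192.0.2.0/24 -all",    # relaying news server
    "author.example.org": "v=spf1 ip4:198.51.100.7 -all",  # poster's mail domain
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed proto-article as mailed by the news server to the moderation relay.
PROTO_ARTICLE = (
    "From: Poster <poster@author.example.org>\n"
    "Newsgroups: example.moderated\n"
    "Subject: test submission\n\nbody\n"
)

def spf_check(domain, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of a constructed SPF record."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:              # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all" or (
            name in ("ip4", "ip6")
            and ip in ipaddress.ip_network(arg, strict=False)
        ):
            return RESULTS[qualifier]
    return "neutral"                             # no mechanism matched

def evaluate(envelope_from, raw_message, client_ip):
    """SPF on MAIL FROM, SPF as if header From were used, and alignment."""
    env_domain = envelope_from.rpartition("@")[2].lower()
    header_addr = parseaddr(message_from_string(raw_message)["From"])[1]
    hdr_domain = header_addr.rpartition("@")[2].lower()
    return {
        "spf_mail_from": spf_check(env_domain, client_ip),
        "spf_on_header_from": spf_check(hdr_domain, client_ip),
        "header_from_aligned": env_domain == hdr_domain,
    }

if __name__ == "__main__":
    # The news server (192.0.2.25) uses its own domain as envelope sender.
    print(evaluate("news@news.example.net", PROTO_ARTICLE, "192.0.2.25"))
```
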