-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Wed, 2017-03-29 at 11:32 -0400, William Herrin wrote:
The gold standard, Spamassassin, does not. Indeed, the message to which I reply was scored by spam assassin as "SPF_PASS" even though you do not include NANOG's servers in the SPF record for tnetconsulting.net.
The message from Mr. Taylor (to which Mr. Herrin is replying) arrived here with: Return-path: <nanog-bounces@nanog.org> From: Grant Taylor via NANOG <nanog@nanog.org> Reply-to: Grant Taylor <gtaylor@tnetconsulting.net> So an SPF implementation that checks either or both of the (rfc2821 envelope from / rfc2822 header from) domains will pass. The original was DKIM signed by d=tnetconsulting.net (c=simple/simple - you might want to change that) but of course that signature was broken by the nanog list handling. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAljb2dEACgkQL6j7milTFsGoxwCePikWwzhrqSLFV3QQIKNR8FfO eoAAnjjH7TgYcTSJC8DWe2l139iQfkkI =SEM6 -----END PGP SIGNATURE-----