Mercurial > dnsbl
comparison xml/dnsbl.in @ 409:e018ed19a1cc
require 3 dots in bare ip addresses
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Sun, 16 Apr 2017 09:06:52 -0700 |
| parents | 29d54e7028f6 |
| children | d5a1ed33d3ae |
comparison
equal
deleted
inserted
replaced
| 408:067963dc142f | 409:e018ed19a1cc |
|---|---|
| 543 <para> | 543 <para> |
| 544 The restrictions imposed by require_signed are similar but not | 544 The restrictions imposed by require_signed are similar but not |
| 545 identical to a DMARC reject policy with strict identifier alignment. | 545 identical to a DMARC reject policy with strict identifier alignment. |
| 546 When doing SPF fallback, DMARC checks SPF based on the rfc5321 | 546 When doing SPF fallback, DMARC checks SPF based on the rfc5321 |
| 547 envelope from domain. DNSBL checks SPF based on the rfc5322 header | 547 envelope from domain. DNSBL checks SPF based on the rfc5322 header |
| 548 from domain. DMARC does not allow mail from good.example.com to be | 548 from domain, but we ignore mx: and ptr: elements in the txt record. |
| 549 DMARC does not allow mail from good.example.com to be | |
| 549 signed by trusted.example.net - which is a common case. Both Microsoft | 550 signed by trusted.example.net - which is a common case. Both Microsoft |
| 550 Office365 and Google run mail for customer domains, but use DKIM | 551 Office365 and Google run mail for customer domains, but use DKIM |
| 551 signing domains in onmicrosoft.com and gappssmtp.com, which are | 552 signing domains in onmicrosoft.com and gappssmtp.com, which are |
| 552 unrelated to the customer domain. DMARC in the default relaxed | 553 unrelated to the customer domain. DMARC in the default relaxed |
| 553 alignment mode allows evil.example.com to sign mail from | 554 alignment mode allows evil.example.com to sign mail from |
| 953 dhl.com require_signed dhl.com; | 954 dhl.com require_signed dhl.com; |
| 954 adp.com require_signed "adp.com,bmi.adp.com"; | 955 adp.com require_signed "adp.com,bmi.adp.com"; |
| 955 # | 956 # |
| 956 # blacklisting based on header from value - requiring signatures | 957 # blacklisting based on header from value - requiring signatures |
| 957 # from an impossible signer. | 958 # from an impossible signer. |
| 958 spammer.domain require_signed " "; | 959 spammer.domain require_signed .; |
| 959 # | 960 # |
| 960 # whitelisting based on strong spf pass - whitelisted if signed by | 961 # whitelisting based on strong spf pass - whitelisted if signed by |
| 961 # an impossible signer (which will never happen) or strong spf pass. | 962 # an impossible signer (which will never happen) or strong spf pass. |
| 962 some.domain signed_white " "; | 963 some.domain signed_white .; |
| 963 # | 964 # |
| 964 # whitelisting based on valid signature or strong spf pass. | 965 # whitelisting based on valid signature or strong spf pass. |
| 965 # some paychex mail is signed, some is unsigned but passes strong spf. | 966 # some paychex mail is signed, some is unsigned but passes strong spf. |
| 966 paychex.com require_signed paychex.com; | 967 paychex.com require_signed paychex.com; |
| 967 # | 968 # |