Mailing List Archive

Customize the bounce message
Would it be possible to add a feature to allow for custom text to be
added the bounce message? I would like to make it clear when rejecting
for permerror that the sender should contact their own mail admins or
tech support and that the problem is on their end.

Now that I am rejecting on permerrors and hard fails like the sending
domain specified with "-all", senders are forwarding the bounce message
to my users via other mailboxes and asking us what is going on.

The bounce message has a very helpful link to openspf.net explaining
exactly what is wrong but since my mail servers are doing the rejecting,
the senders think this is our fault. End users don't know what to do
with that bounce message link.

--
David Jones


-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171215180755:C6A96E32-E1EC-11E7-B5C4-8B9BA25AF4CD
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
On 12/15/2017 06:07 PM, David Jones via spf-devel wrote:
>
> The bounce message has a very helpful link to openspf.net explaining
> exactly what is wrong but since my mail servers are doing the
> rejecting, the senders think this is our fault.  End users don't know
> what to do with that bounce message link.
This is the template I am using.  I would love a discussion of how to
make it clearer.  However, the first roadblock is that no one I have
ever interacted with has ever actually read my DSNs, or any other DSN. 
If you ever encounter someone (that is not a developer) that actually
reads a DSN, we should give them a prize..

To: %(sender)s
From: postmaster@%(receiver)s
Subject: Critical SPF configuration error
Auto-Submitted: auto-generated (configuration error)

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

    %(rcpt)s

Subject: %(subject)s
Received-SPF: %(spf_result)s

Your spf record has a permanent error.  The error was:

    %(perm_error)s

We will reinterpret your record using "lax" processing heuristics
which may result in your mail being accepted anyway.  But you or your
mail administrator need to fix your SPF record as soon as possible.

We are sending you this message to alert you to the fact that
you have problems with your email configuration.

If you need further assistance, please do not hesitate to
contact me again.

Kind regards,

postmaster@%(receiver)s



-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171215182312:E9859CB2-E1EE-11E7-8BB7-C22F0AE03E04
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
On 12/15/2017 06:23 PM, Stuart Gathman wrote:
> If you ever encounter someone (that is not a developer) that actually
> reads a DSN, we should give them a prize..
BTW, I attempted to contact mrlinfo.org about their SPF problem, and
their response was:

Mr. Gathman,

We have no interest in information about SPF. 

Thank you for sharing your understanding of DNS; however, we are not
in need of your services or consultation. 




Sarah M. Morey
Technical Services Manager 
Systems Administrator
Morrisson-Reeves Library
(765) 966-8291  ext. 107
morey@mrlinfo.org <mailto:morey@mrlinfo.org>




-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171215182531:3C878B78-E1EF-11E7-A23C-ECB5637C4ABC
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
On 12/15/2017 05:25 PM, Stuart Gathman wrote:
> On 12/15/2017 06:23 PM, Stuart Gathman wrote:
>> If you ever encounter someone (that is not a developer) that actually
>> reads a DSN, we should give them a prize..
> BTW, I attempted to contact mrlinfo.org about their SPF problem, and
> their response was:
>
> Mr. Gathman,
>
> We have no interest in information about SPF.
>
> Thank you for sharing your understanding of DNS; however, we are not
> in need of your services or consultation.
>
>
>
>
> Sarah M. Morey
> Technical Services Manager
> Systems Administrator
> Morrisson-Reeves Library
> (765) 966-8291  ext. 107
> morey@mrlinfo.org <mailto:morey@mrlinfo.org>
>

That's funny! I sent an email too and haven't received a response yet.

I usually get better responses than this when I send them a screen shot
of the https://dmarcian.com/spf-survey/ big red error message and tell
them that if they don't fix this, then their email delivery will be
unreliable and their email could be going into the recipient's Spam/Junk
folder. This usually get's their attention.

It more of us would start rejecting on Permerror, then eventually this
would force senders to fix their SPF records. If someone from Google is
on this list, please consider as slow roll out of bouncing on Permerror
or some kind of sender feedback DSN.

--
David Jones


-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171215202050:57E79038-E1FF-11E7-AC98-EA05182D42E9
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
At 23:07 15/12/2017 Friday, David Jones via spf-devel wrote:
>Would it be possible to add a feature to allow for custom text to be added the bounce message? I would like to make it clear when rejecting for permerror that the sender should contact their own mail admins or tech support and that the problem is on their end.
>
>Now that I am rejecting on permerrors and hard fails like the sending domain specified with "-all", senders are forwarding the bounce message to my users via other mailboxes and asking us what is going on.

that particular example is not the senders problem but the receivers

if one of your users is directing people to mail him via a forwarder that dosn't SRS rewrite the envelope
then he must let you know to turn off spf checking for mail to him or mail from that forwarders ip(s)
or both when in tandem

or be told to simply stop directing mail from said forwarder via your systems

as a sender cannot be expected to know that xxxx@yyy is a forwarder that dosnt do SRS in front of a spf checking reciever
and should not modify their spf policy to deal with badly setup (by user) receiver side policy/user issues

if you allow users to use non SRS forwarders you should not reject spf failures to those users till some exceptions made or forwarders gone


> The bounce message has a very helpful link to openspf.net explaining exactly what is wrong but since my mail servers are doing the rejecting, the senders think this is our fault. End users don't know what to do with that bounce message link.
>
> --
> David Jones
>

all my collected advice on spf in general
http://www.alandoherty.net/info/mailservers/spf/

--
Alan Doherty: http://www.alandoherty.net/
all-contact: http://www.alandoherty.net/contact/ : cell +353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be reviled,
If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR ADDRESS-BOOK.
http://alan-ie.livejournal.com/tag/idiocy


-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171216064410:6C2F8CC4-E256-11E7-ABD5-ABEAE933BAE2
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
On 12/16/2017 05:43 AM, alan wrote:
> At 23:07 15/12/2017 Friday, David Jones via spf-devel wrote:
>> Would it be possible to add a feature to allow for custom text to be added the bounce message? I would like to make it clear when rejecting for permerror that the sender should contact their own mail admins or tech support and that the problem is on their end.
>>
>> Now that I am rejecting on permerrors and hard fails like the sending domain specified with "-all", senders are forwarding the bounce message to my users via other mailboxes and asking us what is going on.
>
> that particular example is not the senders problem but the receivers
>

I didn't mean automated forwarding. I meant they are now manually
forwarding the bounce message caused by an SPF permerror to say a
gmail.com address of theirs, then forwarding it to the original
recipient saying "Why did you bounce my original email? My last email a
couple of days ago went through fine." I would like for the bounce
message to tell the original sender to forward this to their own mail
sysadmin like the openspf.net link says to do.


> if one of your users is directing people to mail him via a forwarder that dosn't SRS rewrite the envelope
> then he must let you know to turn off spf checking for mail to him or mail from that forwarders ip(s)
> or both when in tandem
>

Also, I am not talking about SPF fails that would result from forwarding
without SRS. I am only talking about SPF permerrors that are caused by
the original envelope-from domain having a misconfigured/bad
syntax/duplicate record/etc.

--
David Jones


-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171216105312:3662DC18-E279-11E7-B3E9-E9A68CD0635F
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
At 15:53 16/12/2017 Saturday, David Jones wrote:
>On 12/16/2017 05:43 AM, alan wrote:
>>At 23:07 15/12/2017 Friday, David Jones via spf-devel wrote:
>>>Would it be possible to add a feature to allow for custom text to be added the bounce message? I would like to make it clear when rejecting for permerror that the sender should contact their own mail admins or tech support and that the problem is on their end.
>>>
>>>Now that I am rejecting on permerrors and hard fails like the sending domain specified with "-all", senders are forwarding the bounce message to my users via other mailboxes and asking us what is going on.
>>that particular example is not the senders problem but the receivers
>
>I didn't mean automated forwarding. I meant they are now manually forwarding the bounce message caused by an SPF permerror to say a gmail.com address of theirs, then forwarding it to the original recipient saying "Why did you bounce my original email? My last email a couple of days ago went through fine." I would like for the bounce message to tell the original sender to forward this to their own mail sysadmin like the openspf.net link says to do.

sorry my mis-read entirely



>>if one of your users is directing people to mail him via a forwarder that dosn't SRS rewrite the envelope
>>then he must let you know to turn off spf checking for mail to him or mail from that forwarders ip(s)
>>or both when in tandem
>
>Also, I am not talking about SPF fails that would result from forwarding without SRS. I am only talking about SPF permerrors that are caused by the original envelope-from domain having a misconfigured/bad syntax/duplicate record/etc.

yeah I get that now I permerr reject too
(except for this and a few other email troubleshooting related aliases)

its the only way they will learn and no spf is better than clueless spf
(as if the admin is clueless I have to assume he's not monitoring for/kicking spamming users either)




>--
>David Jones



-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171216134418:1D9BAD6E-E291-11E7-B972-8B05E6B98378
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
On 12/16/2017 12:44 PM, alan wrote:
> At 15:53 16/12/2017 Saturday, David Jones wrote:
>> On 12/16/2017 05:43 AM, alan wrote:
>>> At 23:07 15/12/2017 Friday, David Jones via spf-devel wrote:
>>>> Would it be possible to add a feature to allow for custom text to be added the bounce message? I would like to make it clear when rejecting for permerror that the sender should contact their own mail admins or tech support and that the problem is on their end.
>>>>
>>>> Now that I am rejecting on permerrors and hard fails like the sending domain specified with "-all", senders are forwarding the bounce message to my users via other mailboxes and asking us what is going on.
>>> that particular example is not the senders problem but the receivers
>>
>> I didn't mean automated forwarding. I meant they are now manually forwarding the bounce message caused by an SPF permerror to say a gmail.com address of theirs, then forwarding it to the original recipient saying "Why did you bounce my original email? My last email a couple of days ago went through fine." I would like for the bounce message to tell the original sender to forward this to their own mail sysadmin like the openspf.net link says to do.
>
> sorry my mis-read entirely
>

No worries.

> its the only way they will learn and no spf is better than clueless spf
> (as if the admin is clueless I have to assume he's not monitoring for/kicking spamming users either)
>
>

I think I am going to have to go back to allowing SPF Fail and
Permerrors and then do some post processing of the maillog vi swatch to
respond with a message to forward to his IT support, local Help Desk, or
mail admins. I am getting too many complaints about blocking legitimate
senders the past couple of days.

I will be able to craft a good email that normal users will understand
in simple words telling them to forward it to their local IT support,
Help Desk, or email admins with their own domain name in the message.
This will be kinda like a DSN email nagging them once an hour maximum
only when they have sent an email to my mail filters in the past hour
until their SPF record is fixed.

--
David Jones


-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171216140812:744FE3AC-E294-11E7-BFD2-CFA47D9F805A
Powered by Listbox: http://www.listbox.com
Re: Customize the bounce message [ In reply to ]
>I think I am going to have to go back to allowing SPF Fail and Permerrors and then do some post processing of the maillog vi swatch to respond with a message to forward to his IT support, local Help Desk, or mail admins. I am getting too many complaints about blocking legitimate senders the past couple of days.
>
>I will be able to craft a good email that normal users will understand in simple words telling them to forward it to their local IT support, Help Desk, or email admins with their own domain name in the message. This will be kinda like a DSN email nagging them once an hour maximum only when they have sent an email to my mail filters in the past hour until their SPF record is fixed.

I prefer to reject, and tell my users that they can get any sender whitelisted for any spf-check themselves in their mail preferences
in the past id offer to whitelest any for a month, and make it their job to mail/update me for an extension monthly (to encourage them to motivate the broken sender)

im pondering adding in auto-expiry to user whitelisting options someday to have same effect ;)
(so they have the hassle of re-adding senders to motivate them to complain at senders)


>--
>David Jones



-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/1311533-9e42a648
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311533&id_secret=1311533-d322f1f1
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311533&id_secret=1311533-d59c80a0&post_id=20171217171046:1F7F5EAA-E377-11E7-B9FE-E8DF5FA2EE37
Powered by Listbox: http://www.listbox.com