Some comments on the default behavior for SPF.

This commit is contained in:
Philippe Pittoli 2024-11-09 04:00:00 +01:00
parent bfa249585c
commit d876531d23

View File

@ -125,7 +125,7 @@ basics = HH.div_
You will have to configure your mail server to sign the emails you send.
This involves creating a pair of keys (public and private).
Your mail server will sign the mails with the private key,
and other mail servers will verify the signature with the public key.
and recipient mail servers will verify the signature with the public key.
So, you need to publish the public key in a DKIM record.
"""
]
@ -430,17 +430,33 @@ spf_introduction =
]
spf_default_behavior :: forall w i. Array (HH.HTML w i)
spf_default_behavior = [Bulma.p """
What should someone do when receiving a mail with your email address but not from a listed domain or IP address?
"""
, HH.text """
By default, let's opt for dropping the mail (a
"""
, HH.u_ [HH.text "hard fail"]
, HH.text """).
The only way for DKIM to be really meaningful is to block any mail not coming from the intended email servers.
Otherwise, it's just a statu quo, and the spamming will continue.
"""]
spf_default_behavior = [
Bulma.p """
What should someone do when receiving a mail from your email address but not from a listed domain or IP address?
"""
, HH.p_ [ HH.text """
By default, the mail is dropped (a
"""
, HH.u_ [HH.text "hard fail"]
, HH.text """).
This is the most direct behavior: dropping any mail not coming from the intended email servers.
"""
]
, HH.p_ [ HH.text """
Another option would be a
"""
, HH.u_ [HH.text "soft fail"]
, HH.text """, which would advise recipient mail servers to tag the mails as spam.
In this case, a misconfigured email server wouldn't prevent mails to be received.
Use this option in case you are not confident enough in your setup.
"""
]
, HH.p_ [ HH.text """
Other options ("pass" and "neutral") are frankly borderline useless.
Do not use them unless you know exactly why.
"""
]
]
srv_introduction :: forall w i. Array (HH.HTML w i)
srv_introduction =