[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: @debian.org email forwarding and SPF

Andrew Suffield <asuffield@debian.org> writes:

> Marco is ignoring all other applications of SPF, such as the ones it was
> designed for, and only paying attention to people proposing it as a
> solution to spam.

Either that or Marco is doing the same thing that I'm doing, weighing the
advantages of SPF for solving those other, far more minor problems against
the costs, and deciding that widespread deployment of SPF is a crappy
solution that will break far more than it will fix.

There is one and only one case where you should ever add a useful SPF DNS
record (as opposed to one of the unuseful ones that make no actual claims
about the validity of mail coming from other servers -- note that most of
the SPF DNS records are of that type, and are basically just there to make
someone feel good), and that's when you are a corporation or similar
central organization with strict control over your e-mail addresses and an
absolute, enforced policy that no one shall ever use those e-mail
addresses in any context other than your central mail servers.

There is one and only one case where you should ever use SPF to do
filtering, and that's if you know that you never forward any mail to that
account except through the complex SPF forwarders.

This means that the number of people who can actually take advantage of
SPF, involving the intersection of those two cases, is small enough to
make it really difficult to find any motivation for deployment.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

Reply to: