Re: @debian.org email forwarding and SPF

To: debian-devel <debian-devel@lists.debian.org>
Subject: Re: @debian.org email forwarding and SPF
From: Paul.Hampson@anu.edu.au (Paul Hampson)
Date: Fri, 21 May 2004 08:48:48 +1000
Message-id: <[🔎] 20040520224848.GA12130@keitarou.bubblesworth.net>
Mail-followup-to: debian-devel <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 87oeoj6thv.fsf@wesley.springies.com>
References: <[🔎] 40A66AB9.1060004@neggie.net> <[🔎] 20040520134054.GB11049@keitarou.bubblesworth.net> <[🔎] 87oeoj6thv.fsf@wesley.springies.com>

On Thu, May 20, 2004 at 09:52:28AM -0500, Alan Shutko wrote:
> Paul.Hampson@anu.edu.au (Paul Hampson) writes:
> 
> > SPF basically undoes the recent attitude of "SMTP traffic should be sent
> > via your local ISP's SMTP server, not via the SMTP server that _receives_
> > mail for the domain you're sending from." 
> 
> Not really.  It just extends it (as some residential ISPs have
> already done) to "SMTP traffic should only be sent via your local
> ISP's SMTP server,

> using your email address at that ISP."

Blaargh. This is my main objection to this. As far as email address as
identity goes, this is devestating. I don't want the direct email addy
for my machine or ISP out and about on the 'net. I just noticed that I
am receiving spam at an email address which exists simply to catch the
email from a certain redirector. It's not published anywhere, but it's
possible I sent email from that address before I'd setup my MTA to fix
mail sent from the local machine.

It ties us to ISP email addresses and as it happens directly addresses
the subject of this thread, which is that @debian.org addresses may be
broken by SPF. The SPF solution appears to be "Don't be using them". I
can see that _this_ is avoided by @debian.org not publishing SPF data,
or publishing SPF data that only rejects invalid FROM addresses.

> With the
> minor caveat that if you happen to have the rare luck that you _can_
> contact the mail server for the domain you'd like to send from, you
> are allowed to send from it.  

I run several virtual domains for friends, and certainly I'd prefer my
server to not have to deal with incoming SMTP as well. Currently it is
a perfectly safe close relay as it relays for no-one.

> Really, we should just get rid of mail apps and require everyone to
> use web mail, which would end all this confusion and allow SPF to
> work perfectly.

This also doesn't work with forwarding. And webmail breaks things like
GPG signing and archiving. _Not_ an optimal solution for many people.

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
7th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
-----------------------------------------------------------

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- @debian.org email forwarding and SPF
  - From: John Belmonte <john@neggie.net>
- Re: @debian.org email forwarding and SPF
  - From: Paul.Hampson@anu.edu.au (Paul Hampson)
- Re: @debian.org email forwarding and SPF
  - From: Alan Shutko <ats@acm.org>

Prev by Date: Re: @debian.org email forwarding and SPF
Next by Date: Re: Mirror for cdebootstrap
Previous by thread: Re: @debian.org email forwarding and SPF
Next by thread: Re: @debian.org email forwarding and SPF
Index(es):
- Date
- Thread