This one time, at band camp, Andrew Pollock said: > On Thu, May 20, 2004 at 09:33:34AM +0100, Adam D. Barratt wrote: > > > > It's not stopping the mail because it's spam - it's stopping the mail > > because the sender address is provably false. What happens when the virus > > starts sending mail claiming to be from <validuser>@debian.org? It sails > > straight through the SPF check... > > Dude, honey@d.o is a valid developer's email address... > > > Given the amount of bounces hitting our company server from mail claiming to > > be from valid local addresses, none of which would have been stopped if both > > we and the other servers employed SPF, I think the ball is firmly back in > > your court. :) > > See above. > > Andrew And so, if it's forwarded to you via your @d.o email, it will make it through - it's coming from an at d.o address, and an @d.o machine. Only if the debian machines start doing SPF checking for @d.o addresses (in which case nobody would be able to send mail with an envelope from an @d.o address unless logged in to one of the machines), it won't help, as I understand it. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
pgpGv9sFzaxWR.pgp
Description: PGP signature