[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: @debian.org email forwarding and SPF

Stephen Gran wrote:
I was under the impression that the problem described was receiving
viruses with an envelope from honey@d.o.  I am under the impression that
if you are doing SPF checks, and you receive one of these emails from a
debian machine (because you have your debian email forwarded to you),
that it will go through just fine - envelope from matches machine
sending.  Is that incorrect?

That's correct. Once a machine you trust (in this case a Debian machine) accepts the email, further SPF filtering will not be effective.

The problem (from the point of view of SPF) is the forged envelope from.
However if the d.o. machines start doing SPF checks, then none of us can
easily send email with an @d.o. address, unless we implement
authenticated SMTP or other things, and start routing our mail based on
the From: header or envelope from.

That's not correct. Debian machines can start doing SPF filtering (and no, I'm not suggesting they do) and it will have no effect on people with debian.org address sending mail. The *publishing* of SPF records by a domain, and the *filtering* using SPF by a domain's mail server, are completely different things. The problem you mention, regarding people with debian.org addresses sending mail, would only occur if Debian published SPF records for their domain (and no, I'm not suggesting that be done either).


http:// ift ile.org/

Reply to: