Re: @debian.org email forwarding and SPF
Stephen Gran wrote:
I was under the impression that the problem described was receiving
viruses with an envelope from firstname.lastname@example.org. I am under the impression that
if you are doing SPF checks, and you receive one of these emails from a
debian machine (because you have your debian email forwarded to you),
that it will go through just fine - envelope from matches machine
sending. Is that incorrect?
That's correct. Once a machine you trust (in this case a Debian
machine) accepts the email, further SPF filtering will not be effective.
The problem (from the point of view of SPF) is the forged envelope from.
However if the d.o. machines start doing SPF checks, then none of us can
easily send email with an @d.o. address, unless we implement
authenticated SMTP or other things, and start routing our mail based on
the From: header or envelope from.
That's not correct. Debian machines can start doing SPF filtering (and
no, I'm not suggesting they do) and it will have no effect on people
with debian.org address sending mail. The *publishing* of SPF records
by a domain, and the *filtering* using SPF by a domain's mail server,
are completely different things. The problem you mention, regarding
people with debian.org addresses sending mail, would only occur if
Debian published SPF records for their domain (and no, I'm not
suggesting that be done either).
http:// ift ile.org/