Re: SPAM

To: Philip Hands <phil@hands.com>
Cc: debian-devel@lists.debian.org
Subject: Re: SPAM
From: Joerg Jaspert <joerg@debian.org>
Date: Sun, 05 Mar 2017 16:29:22 +0100
Message-id: <[🔎] 87shmrhhd9.fsf@delenn.ganneff.de>
Mail-followup-to: Philip Hands <phil@hands.com>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 871sucje6l.fsf@whist.hands.com> (Philip Hands's message of "Sun, 05 Mar 2017 09:55:14 +0100")
References: <20170103201509.s3swo4w666qeieow@iris.silentflame.com> <87fukzbkwl.fsf@vostro.rath.org> <87o9zn4ie5.fsf@hope.eyrie.org> <20170110100405.mcarzcdlf3h3thfw@bogon.m.sigxcpu.org> <CAO7deYhDjmz+f+_TJfd-Q4EDuA041A7Apy7o0X13EJaiVCt98g@mail.gmail.com> <[🔎] 20170304015416.GD18831@MB> <[🔎] 58BA2C03.5010807@fastmail.fm> <[🔎] 85pohxk68l.fsf@benfinney.id.au> <[🔎] 20170304221257.GA8248@MB> <[🔎] 857f44jy79.fsf@benfinney.id.au> <[🔎] 20170305035027.GA16372@CCPT> <[🔎] 871sucje6l.fsf@whist.hands.com>

On 14602 March 1977, Philip Hands wrote:

> I guess we could help the mail servers of the recipients of the initial
> messages make that decision if we did SPF for debian.org, but I guess
> that the lack of SPF probably indicates that this is very hard to do
> with our distributed setup.

With the current setup that allows every DD to use their @debian.org
from any random server they have access to, it is impossible.

Debian (DSA) would need to offer an outgoing SMTP relay and we would
need to force everyone to use that for any mail with an @debian.org
address, and then you can enter them in the SPF record.

Thats a lot of ongoing maintenance work added for an unclear benefit:
SPF is a mixed thing. Some mail operators even take the existance of an
SPF header to score mail HIGHER, not lower.

And it doesn't really stop mail appearing from other hosts.

That would be the next step, DMARC, which is SPF plus DKIM plus some
extra DNS records. And DMARC then allow to tell other mail servers (that
follow DMARC) to get rid (spamfilter) mail that aren't from what your
DNS says it should be from (or aren't signed correctly/at all). But its
even more maintenance and burden for a group like Debian.

-- 
bye, Joerg

Reply to:

Follow-Ups:
- Re: SPAM
  - From: Vincent Danjean <vdanjean.ml@free.fr>
- our distributed setup WAS: SPAM
  - From: Geert Stappers <stappers@debian.org>

References:
- Re: SPAM
  - From: Christopher Clements <bcnjr5@gmail.com>
- Re: SPAM
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: SPAM
  - From: Ben Finney <bignose@debian.org>
- Re: SPAM
  - From: Christopher Clements <bcnjr5@gmail.com>
- Re: SPAM
  - From: Ben Finney <bignose@debian.org>
- Re: SPAM
  - From: Christopher Clements <bcnjr5@gmail.com>
- Re: SPAM
  - From: Philip Hands <phil@hands.com>

Prev by Date: Re: Non-free RFCs in stretch
Next by Date: Re: SPAM
Previous by thread: Re: SPAM
Next by thread: Re: SPAM
Index(es):
- Date
- Thread