[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On 14602 March 1977, Philip Hands wrote:

> I guess we could help the mail servers of the recipients of the initial
> messages make that decision if we did SPF for debian.org, but I guess
> that the lack of SPF probably indicates that this is very hard to do
> with our distributed setup.

With the current setup that allows every DD to use their @debian.org
from any random server they have access to, it is impossible.

Debian (DSA) would need to offer an outgoing SMTP relay and we would
need to force everyone to use that for any mail with an @debian.org
address, and then you can enter them in the SPF record.

Thats a lot of ongoing maintenance work added for an unclear benefit:
SPF is a mixed thing. Some mail operators even take the existance of an
SPF header to score mail HIGHER, not lower.

And it doesn't really stop mail appearing from other hosts.

That would be the next step, DMARC, which is SPF plus DKIM plus some
extra DNS records. And DMARC then allow to tell other mail servers (that
follow DMARC) to get rid (spamfilter) mail that aren't from what your
DNS says it should be from (or aren't signed correctly/at all). But its
even more maintenance and burden for a group like Debian.

bye, Joerg

Reply to: