On Sun, Mar 05, 2017 at 04:29:22PM +0100, Joerg Jaspert wrote:
> On 14602 March 1977, Philip Hands wrote:
> > I guess we could help the mail servers of the recipients of the initial
> > messages make that decision if we did SPF for debian.org, but I guess
> > that the lack of SPF probably indicates that this is very hard to do
> > with our distributed setup.
> With the current setup that allows every DD to use their @debian.org
> from any random server they have access to, it is impossible.
> Debian (DSA) would need to offer an outgoing SMTP relay and we would
> need to force everyone to use that for any mail with an @debian.org
> address, and then you can enter them in the SPF record.
Yes. SPF, DKIM and DMARC rely on a central point in an organisation.

> That's a lot of ongoing maintenance work added for an unclear benefit:
> SPF is a mixed thing. Some mail operators even take the existence of an
> SPF header to score mail HIGHER, not lower.
> And it doesn't really stop mail appearing from other hosts.
> That would be the next step, DMARC, which is SPF plus DKIM plus some
> extra DNS records. And DMARC then allows you to tell other mail servers (that
> follow DMARC) to get rid of (spamfilter) mail that isn't from what your
> DNS says it should be from (or isn't signed correctly/at all). But it's
> even more maintenance and burden for a group like Debian.

And the burden is distributed.
The sad thing is that the burden remains due to being distributed.

For future improvement, I suggest going back in time.
Think of the Internet in the nineties: the ISP provided the e-mail infrastructure.
ISP customers were distributed, the ISP was the central point.

I'm not asking for doing dial-up Internet access,
I'm asking for central points for our distributed setup.

Geert Stappers

