VGER does gradual SPF activation (FAQ matter)

Now that there is even an RFC published about SPF...


What is SPF ?

It is one way to to ensure that at SMTP transport level the claimed
message source domain is valid, and message is coming from place
where origination domain's administrator has declared that are valid
source servers for emails claiming to be of that domain.


It does NOT verify that SMTP origination local part is true. 

It does NOT verify message visible headers.

Several people have written MTA configurations that test arriving email
visible "From:" (and sometimes "Sent:") header against SPF data and
actually violate SPF specification doing that!
(We have routinely kicked subscribers with that bug from lists..)


What it gives ?

It gives us a way to tell the world, that emails claiming to be
coming from VGER should be accepted only when they really are
coming from vger. (Complications like recipients incoming MX
relays are not _our_ problem..)

We might get slight reduction of back falling junk at vger with
that - reduction increases when people begin to deploy the SPF
verification more and more widely into their receiving email servers.
(And do it correctly...)



Will VGER begin to verify SPF in incoming email ?

Yes, sometime this summer.



What will break ?

You really should go and read SPF documents and guides and FAQs at:
    http://spf.pobox.com/

Very little will break, but one should really consider converting
their email sending methodology to one, which uses fewest possible
number of servers, publish that data in DNS, and always send all
emails thru those servers.

In longer run the amount of irresponsible (incurable) network security
holes (known as Windows) shows no sign of becoming extinct at adsl -lines,
so there will be increased pressure to demand sender identification
(and verification) during email sending - viruses can't do that yet...
And when they learn, user with infection can be trivially identified
and contacted/blocked.  At the same time I do find it most likely that
ADSL-lines (and modems) will no longer be allowed to send _anywhere_
over plain SMTP.

In order to be able to send email, a "SUBMISSION" protocol does exist,
and is relatively easy to get working with for example the Thunderbird.
Better would be having a button "use submission service" in its account
setup..   (And similar in Outlook/O.Express...)


/Matti Aarnio -- one of  postmaster at vger.kernel.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: VGER does gradual SPF activation (FAQ matter)
    • From: Matthias Andree <[email protected]>
  • Re: VGER does gradual SPF activation (FAQ matter)
    • From: Florian Weimer <[email protected]>
  • Re: VGER does gradual SPF activation (FAQ matter)
    • From: Marc Perkel <[email protected]>
  • Re: VGER does gradual SPF activation (FAQ matter)
    • From: Folkert van Heusden <[email protected]>
  • Re: VGER does gradual SPF activation (FAQ matter)
    • From: David Woodhouse <[email protected]>

• Prev by Date: Re: [lm-sensors] [PATCH] I2C: i2c_bit_add_bus should initialize SDA and SCL lines
• Next by Date: Re: [PATCH] Promise 'stex' driver
• Previous by thread: [PATCH-rt] genirq error message clarification
• Next by thread: Re: VGER does gradual SPF activation (FAQ matter)
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]