Re: VGER does gradual SPF activation (FAQ matter)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sunday June 11, [email protected] wrote:
> On Sun, 2006-06-11 at 01:27 +0300, Matti Aarnio wrote:
> > Now that there is even an RFC published about SPF...
> 
> Please, don't do this. SPF makes assumptions about email which are just
> not true; it rejects perfectly valid mail.
> 
> http://david.woodhou.se/why-not-spf.html

Conversely, please do do this :-)

I agree with David that SPF breaks mail-as-we-know-it, but I cannot
help thinking that mail-as-we-know-it is way too permissive and bits
of it need to be broken (the old egg/omelette analogy).

And I think that kernel.org is a great place to start with pushing
SPF, because if a few mail items go astray to-or-from it really isn't
the end of the world.

- kernel.org should publish very strict SPF records that sites with
  any gumption can reject forged mail claiming to be from kernel.org.
  If systems drop mail incorrectly because of this, the end-recipient
  can follow linux-kernel any number of other ways, and can badger
  their local admins to "get it right".

- kernel.org should reject mail that earns an SPF 'fail' and should
  grey-list mail that earns an SPF 'softfail' (so the sending system
  will have to retry once). Any mail that incorrectly gets rejected
  will hopefully have a link to a web page that explains the problem
  and lists a number of free-mail sites where anyone can sign up and
  safely send mail to kernel.org.  So people who need to get mail
  through still can, while they complain to their admins about
  configuring things properly.

I think kernel.org is a great site to be an early adopter because:
  - the mail it transports isn't critical
  - it interacts with a very large number of mail sites
  - it's customers are reasonably technology-savvy. 

sourceforge would be another good site.


(No, SPF doesn't stop spam, but it can increase accountability so that
white/black lists can begin to be more usable).

NeilBrown
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux