On Sun, Mar 05, 2017 at 04:29:22PM +0100, Joerg Jaspert wrote: > On 14602 March 1977, Philip Hands wrote: > > > I guess we could help the mail servers of the recipients of the initial > > messages make that decision if we did SPF for debian.org, but I guess > > that the lack of SPF probably indicates that this is very hard to do > > with our distributed setup. > > With the current setup that allows every DD to use their @debian.org > from any random server they have access to, it is impossible. > > Debian (DSA) would need to offer an outgoing SMTP relay and we would > need to force everyone to use that for any mail with an @debian.org > address, and then you can enter them in the SPF record. Yes. SPF, DKIM and DMARC rely on a central point in an organisation.
> Thats a lot of ongoing maintenance work added for an unclear benefit: > SPF is a mixed thing. Some mail operators even take the existance of an > SPF header to score mail HIGHER, not lower. > > And it doesn't really stop mail appearing from other hosts. > > That would be the next step, DMARC, which is SPF plus DKIM plus some > extra DNS records. And DMARC then allow to tell other mail servers (that > follow DMARC) to get rid (spamfilter) mail that aren't from what your > DNS says it should be from (or aren't signed correctly/at all). But its > even more maintenance and burden for a group like Debian. And the burden is distributed. The sad thing is that burden remains due being distributed. For future improvement, I suggest to go back in time. Think Internet in nineties, the ISP prodived the e-mail infrastructure. ISP customers were distributed, the ISP was the central point. I'm not asking for doing dial-up Internet access, I'm asking for central points for our distributed setup. Groeten Geert Stappers -- Leven en laten leven Groeten Geert Stappers -- Leven en laten leven
