On 2018-12-05 14:58:08 +0100 (+0100), Thomas Goirand wrote: > On 11/30/18 6:57 PM, Michael Stone wrote: > > On Fri, Nov 30, 2018 at 12:49:02PM -0500, Alexandre Viau wrote: > >> It is true that others are vulnerable, but this is a choice that Debian > >> makes and it can be fixed. If we wanted, we could largely limit this > >> with more restrictive debian.org DNS records. > > > > Yes and no. :) There would need to be a concerted push for some time to > > migrate 20+ years of legacy configurations in order for this to not > > break quite a lot. > > Absoultely not. Adding some DMARC records in our DNS doesn't break any > server not checking DMARC records.
Migrating _client_ configurations/workflows to all submit via Debian-controlled relays on the other hand would be necessary, to avoid servers who check DMARC records rejecting messages from people using their debian.org addresses in other ways (for example, yours seems to have been sent through an MTA in GPLHost for relaying to the lists.d.o MX). -- Jeremy Stanley
signature.asc
Description: PGP signature