On Fri, 2010-12-31 at 10:02 +0100, Olav Vitters wrote: > On Thu, Dec 30, 2010 at 04:42:05PM +0000, A. James Lewis wrote: > > Not strictly a gaping security hole... but certainly an omission, > > perhaps it would be possible for such a major organization to support > > this mechanism for reducing SPAM by having an SPF record in your DNS? > > > > It certainly reduces the chances of someone impersonating your users in > > email. > > I'm fully aware of SPF. However, practically (at least at the moment) > not possible to implement that. We hand out @gnome.org aliases to GNOME > foundation members. We do not want to be a webmail provider or anything. > So the way foundation members use these aliases is to change the From > setting in their email client or in some webmail services (e.g. gmail > supports this). > > It would be nice at one point to allow people to use our SMTP server. > But that would still not be of any help for gmail users (unless gmail > separates From: and the SMTP from). Plus people might have very strange > configuration settings where this is not possible. > > So in short: Aware of SPF, but at the moment not possible to implement. > > If you want to discuss this or anything else suggest to subscribe to the > gnome-infrastructure list on http://mail.gnome.org/. >
It seems that SPF has at least a contingency to allow this kind of thing to happen. If you were to define the "official" gnome.org SMTP servers in an SPF record, but specify ?all as a catch all (instead of -all), then mails sent by gnome itself, from mailing lists etc, would be marked as "Pass", and mails from other sites such as 3rd party webmail accounts etc, as you described... would still be undefined. This would surely be a significantly better situation because the bulk of mail sent by gnome.org would be validated. You might even use the include directive to include popular webmail services such as gmail or hotmail. James
_______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
