Re: Publish SPF records for postgresql.org? - Mailing list pgsql-advocacy

From Jonathan Gardner
Subject Re: Publish SPF records for postgresql.org?
Date
Msg-id 200403021331.35398.jgardner@jonathangardner.net
Whole thread Raw
In response to Re: Publish SPF records for postgresql.org?  (Bruno Wolff III <bruno@wolff.to>)
Responses Re: Publish SPF records for postgresql.org?
List pgsql-advocacy
On Tuesday 02 March 2004 12:58 pm, Bruno Wolff III wrote:
> On Tue, Mar 02, 2004 at 10:40:33 -0800,
>
>   Jonathan Gardner <jgardner@jonathangardner.net> wrote:
> > Notice that SPF only checks the envelope MAIL FROM line, or as some
> > people call it the SMTP from, not the header from. Modern mailing lists
> > (like the one postgresql uses) rewrites that as it is now, so
> > forwarding will not break with SPF. (Notice that it is comparing the IP
> > address of the server I got mail from with the domain "postgresql.org".
> > Since there are no SPF records for postgresql.org, it can't check yet.)
>
> The case I am talking about is for a person that gets email from a
> postgres mailing list at server A and forwards it to server B. If server
> B checks SPF records it will reject this message because it is not coming
> from a server authorized to use postgresql.org as an envelope sender
> domain. This is something that probably won't affect many people, but it
> would still be nice to give people a heads up before turning it on. That
> way they can adjust things so the mail gets through. (By such methods as
> using SRS on server A or changing their subscription address to server
> B.)

You are correct. However, this only affects the user if the have enabled SPF
on server A and if they haven't enabled SRS on server B. If they are going
to enable SPF on server A, then they should understand the ramifications of
doing so. Every domain that publishes SPF will break their configuration,
not just postgresql.org.

I think if you compare the cost to benefit of publishing or not publishing
SPF records, it is apparent that publishing SPF records is the wise thing
to do. We would only be declaring to the world that email coming from
certain server is totally valid, while other servers are unknown (?all),
probably not valid (~all) or not valid at all (!all). What the recipients
of email do with this information is their responsibility. If they want to
make it so that SPF-enabled email doesn't go through, that's their
business. If they want to be silly and implement SPF in a way that will
break forwarding, that's their call.

--
Jonathan Gardner
jgardner@jonathangardner.net

pgsql-advocacy by date:

Previous
From: Bruno Wolff III
Date:
Subject: Re: Publish SPF records for postgresql.org?
Next
From: Bruno Wolff III
Date:
Subject: Re: Publish SPF records for postgresql.org?