Skip site navigation (1) Skip section navigation (2)

Re: Publish SPF records for postgresql.org?

From: Jonathan Gardner <jgardner(at)jonathangardner(dot)net>
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: pgsql-advocacy(at)postgresql(dot)org
Subject: Re: Publish SPF records for postgresql.org?
Date: 2004-03-02 18:40:33
Message-ID: 200403021040.33576.jgardner@jonathangardner.net (view raw or flat)
Thread:
Lists: pgsql-advocacy
On Tuesday 02 March 2004 09:44 am, Bruno Wolff III wrote:
> On Tue, Mar 02, 2004 at 09:15:55 -0800,
>
>   "Jonathan M. Gardner" <jgardner(at)jonathangardner(dot)net> wrote:
> > Is there any reason not to publish SPF records for postgresql.org? Do
> > we have control over the TXT records, and does anyone know which
> > servers are authorized to send mail for postgresql.org? How do we
> > handle mail forwarding for those who own an @postgresql.org email
> > address?
>
> If you do this be sure to warn all of the list users, since this will
> break forwarding for people on the lists if the server they forward to
> checks SPF info.

This is the line I am getting in my mail logs for SPF checking on the 
postgresql mailing list messages:

Milter add: header: Received-SPF: none (dervish.jonathangardner.net: domain 
of pgsql-hackers-owner+m50598=jgardner=jonathangardner(dot)net(at)postgresql(dot)org 
does not designate permitted sender hosts): 1 Time(s)

And, we will do not necessarily have to implement SPF on incoming mail. If 
we do decide to do that, then we can just add a header saying that the 
check failed, and forward the mail to the list anyway.

Notice that SPF only checks the envelope MAIL FROM line, or as some people 
call it the SMTP from, not the header from. Modern mailing lists (like the 
one postgresql uses) rewrites that as it is now, so forwarding will not 
break with SPF. (Notice that it is comparing the IP address of the server I 
got mail from with the domain "postgresql.org". Since there are no SPF 
records for postgresql.org, it can't check yet.)

Also, we may publish an SPF records that ends in "?all" initially, which 
will mean "if the email comes from anywhere else, pretend like we never 
even mentioned SPF".

We then run some tests, identify servers we forgot about, and then change 
that to "~all", which means softfail, or in other words "If it comes from 
anywhere else, then it probable isn't valid, but it may be."

When we finally identify all of the servers that are sending postgresql 
mail, and are absolutely sure, then and only then will we do "!all", 
declaring that we are absolutely sure no one else should be sending valid 
mail for postgresql.org.

Hopefully, between the "?all" and "~all" steps we will have identified all 
of the postgresql mail servers, so that those who are implementing SPF on 
incoming mail will not have to endure having their postgresql mail sent to 
the junk folder.

-- 
Jonathan Gardner
jgardner(at)jonathangardner(dot)net

In response to

Responses

pgsql-advocacy by date

Next:From: Jonathan GardnerDate: 2004-03-02 18:46:50
Subject: Re: Publish SPF records for postgresql.org?
Previous:From: Marc G. FournierDate: 2004-03-02 17:53:19
Subject: Re: Publish SPF records for postgresql.org?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group