Skip site navigation (1) Skip section navigation (2)

Re: Publish SPF records for postgresql.org?

From: Jonathan Gardner <jgardner(at)jonathangardner(dot)net>
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: pgsql-advocacy(at)postgresql(dot)org
Subject: Re: Publish SPF records for postgresql.org?
Date: 2004-03-02 21:31:35
Message-ID: 200403021331.35398.jgardner@jonathangardner.net (view raw or flat)
Thread:
Lists: pgsql-advocacy
On Tuesday 02 March 2004 12:58 pm, Bruno Wolff III wrote:
> On Tue, Mar 02, 2004 at 10:40:33 -0800,
>
>   Jonathan Gardner <jgardner(at)jonathangardner(dot)net> wrote:
> > Notice that SPF only checks the envelope MAIL FROM line, or as some
> > people call it the SMTP from, not the header from. Modern mailing lists
> > (like the one postgresql uses) rewrites that as it is now, so
> > forwarding will not break with SPF. (Notice that it is comparing the IP
> > address of the server I got mail from with the domain "postgresql.org".
> > Since there are no SPF records for postgresql.org, it can't check yet.)
>
> The case I am talking about is for a person that gets email from a
> postgres mailing list at server A and forwards it to server B. If server
> B checks SPF records it will reject this message because it is not coming
> from a server authorized to use postgresql.org as an envelope sender
> domain. This is something that probably won't affect many people, but it
> would still be nice to give people a heads up before turning it on. That
> way they can adjust things so the mail gets through. (By such methods as
> using SRS on server A or changing their subscription address to server
> B.)

You are correct. However, this only affects the user if the have enabled SPF 
on server A and if they haven't enabled SRS on server B. If they are going 
to enable SPF on server A, then they should understand the ramifications of 
doing so. Every domain that publishes SPF will break their configuration, 
not just postgresql.org.

I think if you compare the cost to benefit of publishing or not publishing 
SPF records, it is apparent that publishing SPF records is the wise thing 
to do. We would only be declaring to the world that email coming from 
certain server is totally valid, while other servers are unknown (?all), 
probably not valid (~all) or not valid at all (!all). What the recipients 
of email do with this information is their responsibility. If they want to 
make it so that SPF-enabled email doesn't go through, that's their 
business. If they want to be silly and implement SPF in a way that will 
break forwarding, that's their call.

-- 
Jonathan Gardner
jgardner(at)jonathangardner(dot)net

In response to

Responses

pgsql-advocacy by date

Next:From: Bruno Wolff IIIDate: 2004-03-03 03:42:28
Subject: Re: Publish SPF records for postgresql.org?
Previous:From: Bruno Wolff IIIDate: 2004-03-02 20:58:34
Subject: Re: Publish SPF records for postgresql.org?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group