Skip site navigation (1) Skip section navigation (2)

Re: Publish SPF records for

From: Jonathan Gardner <jgardner(at)jonathangardner(dot)net>
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: pgsql-advocacy(at)postgresql(dot)org
Subject: Re: Publish SPF records for
Date: 2004-03-02 18:49:03
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-advocacy
On Tuesday 02 March 2004 09:44 am, Bruno Wolff III wrote:
> On Tue, Mar 02, 2004 at 09:15:55 -0800,
>   "Jonathan M. Gardner" <jgardner(at)jonathangardner(dot)net> wrote:
> > Is there any reason not to publish SPF records for Do
> > we have control over the TXT records, and does anyone know which
> > servers are authorized to send mail for How do we
> > handle mail forwarding for those who own an email
> > address?
> If you do this be sure to warn all of the list users, since this will
> break forwarding for people on the lists if the server they forward to
> checks SPF info.

This is the line I am getting in my mail logs for SPF checking on the 
postgresql mailing list messages:

Milter add: header: Received-SPF: none ( domain 
of pgsql-hackers-owner+m50598=jgardner=jonathangardner(dot)net(at)postgresql(dot)org 
does not designate permitted sender hosts): 1 Time(s)

We have to keep two issues seperate: (1) Adding SPF records so others can 
check outgoing mail, and (2) Implementing SPF on incoming mail.

We do not necessarily have to implement SPF on incoming mail. If 
we do decide to do that, then we can just add a header saying that the 
check failed, and forward the mail to the list anyway.

Notice that SPF only checks the envelope MAIL FROM line, or as some people 
call it the SMTP from, not the header from. Modern mailing lists (like the 
one postgresql uses) rewrites that as it is now, so forwarding will not 
break with SPF. (Notice that it is comparing the IP address of the server I 
got mail from with the domain "". Since there are no SPF 
records for, it can't check yet.)

Also, we may publish an SPF records that ends in "?all" initially, which 
will mean "if the email comes from anywhere else, pretend like we never 
even mentioned SPF".

We then run some tests, identify servers we forgot about, and then change 
that to "~all", which means softfail, or in other words "If it comes from 
anywhere else, then it probable isn't valid, but it may be."

When we finally identify all of the servers that are sending postgresql 
mail, and are absolutely sure, then and only then will we do "!all", 
declaring that we are absolutely sure no one else should be sending valid 
mail for

Jonathan Gardner

In response to

pgsql-advocacy by date

Next:From: Marc G. FournierDate: 2004-03-02 18:58:49
Subject: Re: Publish SPF records for
Previous:From: Jonathan GardnerDate: 2004-03-02 18:46:50
Subject: Re: Publish SPF records for

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group