[linux-elitists] SPF

Joey Hess joey@kitenet.net
Wed Jan 28 19:51:48 PST 2004


Aaron Lehmann wrote:
> Yes, I've read the awful hack in the FAQ. That handles actually
> forwarding the mail. How can a user send messages from that address
> without a much sicker hack?
> 
> I use my school mail account occasionally for talking to professors
> and TA's. I have the mail sent to it forwarded to my own mail server,
> which is a much more agreeable solution than polling with fetchmail or
> using PINE on a Solaris machine. If my school implemented SPF,
> presumably I could use the forwarding hack to get the messages out of
> their system. However, I don't see a way to reply to forwarded
> messages without the replies looking like forgeries to an SPF-aware
> system. The FAQ talks about SASL SMTP. Can mutt speak this? Even if it
> could, it's even more doubtful that it could be taught to use a
> different SASL SMTP server for each email address.
>
> The situation would be even worse for ACM forwarders because I don't
> believe that the ACM provides outgoing SMTP service. Thus I highly
> doubt domains like ieee.org and acm.org will use SPF in the foreseeable
> future.

According to mutt's manual, you can use ssl_starttls to make it establish
TLS (SASL) connections when possible. Something tricky with hooks might
also be possible. I don't know; I use an MTA to send my mail, not mutt,
and it's doable to set SASL up at that level (using exim or postfix).
SASL is a good thing to have anyway when possible. Look at the headers
of this email, for example, which is going from my laptop via my server
over SASL, and may even use SASL en route to Don's server, if he has it
enabled. Other reasons to use SASL on your laptop include not having to
worry if the wireless network your laptop is currently on is in RBLs and
the like.

But yes, there is a problem. Another example is that I often send mail
using my joeyh@debian.org email address, when I am doing something
connected with the Debian project. So do other project members, but
there's no good way to actually relay that mail through the Debian
servers that I know of. So Debian can probably not afford to turn on
SPF, without at least a lot of work, and continuing administrative costs
(managing all those client certificates for relaying). This seems to
make it hard for dispersed and especially smaller-scale free software
projects to use email in traditional ways.

I've enabled SPF for my personal domain, for which the downsides are
small, but as far as using SPF to detect spam, I don't expect to let it
add more than 2 or 3 to a mail's SpamAssassin score.

-- 
see shy jo
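
[Added example, not part of the original message or of any project's code.] The sketch below shows why a reply sent from a school address through one's own server fails SPF, and how a receiver can cap SPF's weight at the 2-3 points mentioned above. The domains, addresses (RFC 5737 documentation ranges), record contents and score weights are constructed assumptions; only the ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed records standing in for DNS TXT lookups (assumed, not real domains).
SPF_RECORDS = {
    "school.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Assumed weights, chosen so SPF alone never adds more than 3 points.
SPF_SCORES = {"fail": 3.0, "softfail": 1.5}
REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score


def check_spf(client_ip, mail_from):
    """Evaluate ip4/all mechanisms of the envelope sender's SPF record."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this sketch
    return "neutral"  # no mechanism matched and no "all" term


def spf_score(result, cap=3.0):
    """Spam-score contribution of an SPF result, never above the cap."""
    return min(SPF_SCORES.get(result, 0.0), cap)


if __name__ == "__main__":
    # Same sender address, two different sending hosts.
    for ip in ("192.0.2.10", "203.0.113.7"):
        result = check_spf(ip, "student@school.example")
        print(ip, result, spf_score(result), "of", REQUIRED_SCORE)
```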