SPF and mailing lists
Noam Rathaus
noamr at beyondsecurity.com
Wed Mar 18 17:52:18 IST 2009
Hi Shachar,
Are you sure about the SPF?
The idea of SPF and Mailing list to is "forward all emails" so they appear to
come from the mailing list, and utilize the reply-to so that replies get sent
to the right location.
I suggest reading:
http://www.openspf.org/FAQ/Forwarding
Which explains what you need to do to make your mailing list "SPF compatible".
On Wednesday 18 March 2009 16:31:39 Shachar Shemesh wrote:
> Hi all,
>
>
> I have a client that is an academic institute. They set up a mailing
> list server for their students, so they can communicate within courses
> and such. When we try to send email out, however, Google starts
> complaining, pointing us at
> https://mail.google.com/support/bin/answer.py?answer=81126. Among other
> things, this suggests we set up SPF for our emails, and use consistent
> "from" addresses.
>
>
> While both suggestions seem like good suggestions on first review,
> digging just a little deeper shows that they are practically impossible
> to implement. Any SPF record I put on the machine will only apply to
> emails appearing to originate from "lists.academy.ac.il". Since this is
> a mailing list, most actual emails will arrive from either teachers
> ("teacher at academy.ac.il") or from students ("student at gmail.com").
> Neither will have a valid SPF record.
>
>
> It appears that, once again, spam has brought in casualties.
>
>
> I am trying to tell Mailman to rewrite the sender's address to be that
> of the list, but that seems like a fairly great sacrifice in sender
> identity. It is entirely possible that in a couple of weeks enough gmail
> users white list the server for google to get the hint. I simply don't
> know.
>
>
> If anyone has any constructive suggestions how to make things work
> smoother, please share
>
>
> Shachar
>
> --
> Shachar Shemesh
> Lingnu Open Source Consulting Ltd.
> http://www.lingnu.com
--
Noam Rathaus
CTO
noamr at beyondsecurity.com
http://www.beyondsecurity.com
"Know that you are safe."
Join Beyond Security in London
at Infosecurity Europe, April 28-30, Booth M71
More information about the Linux-il
mailing list