www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject Using SPF for apache.org
Date Thu, 17 Dec 2009 22:02:18 GMT
Unfortunately, it seems the spammers and virus sending like to forge
$common_name@apache.org quite often.

Our best way to combat this would be to add SPF on our root apache.org domain.

The problem is, we only recently added an authenticated SMTP server,
but most committers don't use it, and send outgoing apache.org emails
from their own providers.   If we just 'turned on' SPF, many
committers would be unable to send email.  It is definitely something
we should do -- I've been thinking about using the SPF extension to
define the user part in the DNS, so we could do an opt in SPF record
on a per user basis, so something like this in the root DNS:
"v=spf1 include:%{l}.spf.apache.org"

Then we would create an tom.spf.apache.org with:
"v=spf1 a:smtp.apache.org -all"
But for anyone who hasn't Op'ed in, it would be a record like this:
"v=spf1 a:smtp.apache.org ?all"

I think this could work, but I am by no means an SPF expert.

This is reflected in infrabot:
task 21: joes4: create spf records for apache.org without breaking too much shit

If someone wanted to volunteer to start hacking on this and testing it
would, that would be great though!

Thanks,
Paul

Mime
View raw message