Change to Mail Infrastructure - SPF and DKIM verification will now be enforced

Ben Cooksley bcooksley at kde.org
Fri Dec 4 19:18:56 GMT 2015


On Sat, Dec 5, 2015 at 8:14 AM, Nicolás Alvarez
<nicolas.alvarez at gmail.com> wrote:
> 2015-12-04 16:07 GMT-03:00 Rolf Eike Beer <kde at opensource.sf-tec.de>:
>> Ben Cooksley wrote:
>>> It is an extreme pity these mailing list providers have demonstrated
>>> such an extreme disregard for standards which aim to eliminate
>>> forgeries and ensure people cannot be digitally misrepresented. This
>>> is why we had to change Bugzilla a while back to send as
>>> bugzilla_noreply at kde.org instead of the acting user's email address -
>>> because Yahoo's enforcement policy meant GMail always placed mail from
>>> Yahoo users in the spam folder.
>>
>> Huh? Of course you _must_ send with a @kde.org address. My SPF policy forbids
>> you to send mail for my domain. And now you want to enforce SPF, but don't
>> properly handle it yourself?
>
> How would that work with mailing lists? I would receive your message
> with From: pointing at the mailing list address instead of your own?

There are two "From" fields for an email.

One is passed in the SMTP (RFC 5321) conversation in the "MAIL FROM"
component. This is what SPF validates and controls. This will finally
be placed in the Return-Path header when it is delivered into the
user's mailbox.

The other, which is ultimately shown in the user client as the "From"
field is just a header within the email. This is what DKIM protects
and validates.

Mailing Lists, when resending email will often use an address such as
"listname-bounces at domain" in the SMTP conversation (in order to
receive bounces, and remove users who can no longer receive mail the
list sends out in line with proper practice). They do not (usually)
alter the email header From.

>
> --
> Nicolás

Regards,
Ben




More information about the kde-core-devel mailing list