tickets #91055
closedset up an SPF record for lists.opensuse.urg
0%
Description
I think it would be useful for 'lists.opensuse.org' to have an SPF record, but I understand our DNS has been moved to powerdns on chip.i.o.o ? I don't seem to have any access to chip.
Outbound mail from mailman are sent via anna/elsa.
New TXT record for 'lists':
v=spf1 mx a:proxy-nue1.opensuse.org a:proxy-nue2.opensuse.org ?all
Let us start with a neutral policy "?all", just in case.
Updated by cboltz about 3 years ago
- Status changed from New to Resolved
SPF record for lists.o.o added.
My personal opinion about SPF is (besides that it's broken by design) that we should keep ?all to avoid that we break people who use mail forwarding.
Updated by pjessen about 3 years ago
cboltz wrote:
SPF record for lists.o.o added.
Thanks.
My personal opinion about SPF is (besides that it's broken by design) that we should keep ?all to avoid that we break people who use mail forwarding.
I'm no real fan of SPF either, but it does do some good in combatting misuse of email-addresses.
There are two different topics - opensuse.org and lists.opensuse.org.
opensuse.org - the current SPF record looks like it could do with some TLC:
v=spf1 ip4:91.193.113.64/27 ip4:143.186.213.0/24 ip4:147.2.0.0/16 ip4:149.44.0.0/16 ip4:195.135.220.0/23 ip6:2001:67c:2178::/48 ip6:2620:113:8044::/48 ip6:2a01:138:a004::/48 ip6:2a07:de40:401::/48 mx ~all
For 'opensuse.org', we have to allow sending from any server, so "v=spf1 ?all" would really be sufficient. Or we could just delete it.
lists.opensuse.org - this is different, only mailman is permitted to send emails from that address. Initially, I wanted the "?all", just in case I had screwed up the setup, but I mostly expect to change to "-all". It is certainly possible that people have list mails forwarded, but isn't that likely to be a rare exception?