[CentOS-devel] Spammer: Did we shut him down?

Wed Jan 28 21:03:04 UTC 2009
seth vidal <skvidal at fedoraproject.org>

On Wed, 2009-01-28 at 21:55 +0100, Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> seth vidal wrote:
> > On Wed, 2009-01-28 at 10:45 -0800, Scott Silva wrote:
> >> But it also made the announce-list. I assumed the announce list was only
> >> writable by a select few.
> > 
> > and the email came from lance at centos.org
> > 
> > lance at centos.org was one of the select few.
> 
> There is no SPF record for centos.org
> 
> If one can be added then this sort of fakes can be prevented. Anyone
> using the centos.org domain in email should login to a centos.org server
> to send out email that way.
> 
> I know it works because that is how I send out email from my own domain.
> All family members need to use the central server as relay to send out
> email with the family domain. And they can only authenticate using TLS
> and SASL.
> 


-1 to SPF.

Don't rely on technologies not everyone is using.

-sv