On Wed, 2009-01-28 at 21:55 +0100, Hugo van der Kooij wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
seth vidal wrote:
On Wed, 2009-01-28 at 10:45 -0800, Scott Silva wrote:
But it also made the announce-list. I assumed the announce list was only writable by a select few.
and the email came from lance@centos.org
lance@centos.org was one of the select few.
There is no SPF record for centos.org
If one can be added then this sort of fakes can be prevented. Anyone using the centos.org domain in email should login to a centos.org server to send out email that way.
I know it works because that is how I send out email from my own domain. All family members need to use the central server as relay to send out email with the family domain. And they can only authenticate using TLS and SASL.
-1 to SPF.
Don't rely on technologies not everyone is using.
-sv