On Wed, 2009-01-28 at 21:55 +0100, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > seth vidal wrote: > > On Wed, 2009-01-28 at 10:45 -0800, Scott Silva wrote: > >> But it also made the announce-list. I assumed the announce list was only > >> writable by a select few. > > > > and the email came from lance at centos.org > > > > lance at centos.org was one of the select few. > > There is no SPF record for centos.org > > If one can be added then this sort of fakes can be prevented. Anyone > using the centos.org domain in email should login to a centos.org server > to send out email that way. > > I know it works because that is how I send out email from my own domain. > All family members need to use the central server as relay to send out > email with the family domain. And they can only authenticate using TLS > and SASL. > -1 to SPF. Don't rely on technologies not everyone is using. -sv