On 2023-04-13 09:12, Vojtěch Zeisek wrote:
Hi, probably not important, but I got classical scam faking openSUSE admin, see <https://paste.opensuse.org/pastes/74905cfd9aad> Enjoy. :-) Yours, V.
I suspect that nothing can be done. The thing is that, by design, anyone can send saying "I am "whomever@opensuse.org", because as there is no proper smtp server for the opensuse.org alias and each of us has to use their own methods to send that email, it basically means that they can not be filtered. No authentication checks are possible. cer@Telcontar:~> nslookup -type=txt opensuse.org Server: 192.168.1.16 Address: 192.168.1.16#53 Non-authoritative answer: opensuse.org text = "v=spf1 include:_spf.opensuse.org ?all" opensuse.org text = "google-site-verification=lSkTjo9mv48fTfzd-vZiZ2Yih6b8CJ-ek4Xij9v7KTY" Authoritative answers can be found from: cer@Telcontar:~> Types of rejection levels: -all (reject or fail them - don't deliver the email if anything does not match) ~all (soft-fail them - accept them, but mark it as 'suspicious') +all (pass regardless of match - accept anything from the domain) ?all (neutral - accept it, nothing can be said about the validity if there isn't an IP match) <https://support.mailessentials.gfi.com/hc/en-us/articles/360015116520-How-to-check-and-read-a-Sender-Policy-Framework-record-for-a-domain> -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)