On 8/8/08, Sandy Drobic
Alexey Eremenko wrote:
"a storm in a teacup" You mean that I make too much noise out of nothing? he-he. right.
Maybe we can Firewall openSUSE mailing lists - check all incoming emails somehow ?
That is a problem that persists to frustrate a lot of postmasters. Basically you can sign all mails leaving a server and verify the signature on the receiving server. Unfortunately only very few servers have already implemented such a system like DKIM or even the older domain keys. Also questions like what should happen with forwarded emails are still not entirely solved.
In short words: unless signing all mails becomes mandantory nothing will be done.
-- Sandy
All, I have not followed the details on this particular email, but ... Google supports SPF and at least makes an attempt to ensure all sent email from their systems has an authorized from addresses. The problem here is that the recipient (ie. the opensuse mailing list) is apparently not supporting SPF. If the mailing list supported SPF, it would have gotten the list of authorized SMTP originators for gmail.com from the dns server, then it would have seen that the spoofed email originated elsewhere and simply trashed it. SPF is not perfect, but it s a big step up and if we all used it then spoofing email would be much harder. Greg -- Greg Freemyer Litigation Triage Solutions Specialist http://www.linkedin.com/in/gregfreemyer First 99 Days Litigation White Paper - http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf The Norcross Group The Intersection of Evidence & Technology http://www.norcrossgroup.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org