Correction . . . Wednesday 10/3! (sometimes I still think it's 2011)
jg
On Fri, 28 Sep 2012, Jeff Green wrote:
I'm planning to deploy Sender Policy Framework
(SPF) for the
wikimedia.org
domain on Weds October 5. SPF is a framework for validating outgoing mail,
which gives the receiving side useful information for spam filtering. The
main goal is to cause spoofed @wikimedia.org mail to be correctly identified
as such. It should also improve our odds of getting fundraiser mailings into
inboxes rather than spam folders.
The change should not be noticeable, but the most likely problem would be
legitimate @wikimedia.org mail being treated as spam. If you hear of this
happening please let me know.
Technical details are below for anyone interested . . .
Thanks,
jg
Jeff Green
Operations Engineer, Special Projects
Wikimedia Foundation
149 New Montgomery Street, 3rd Floor
San Francisco, CA 94105
jgreen(a)wikimedia.org
. . . . . . .
SPF overview
http://en.wikipedia.org/wiki/Sender_Policy_Framework
The October 8 change will be simply a matter of adding a TXT record to the
wikimedia.org DNS zone:
wikimedia.org IN TXT "v=spf1 ip4:91.198.174.0/24 ip4:208.80.152.0/22
ip6:2620:0:860::/46
include:_spf.google.com ip4:74.121.51.111 ?all"
The record is a list of subnets that we identify as senders (all wmf subnets,
google apps, and the fundraiser mailhouse). The "?all" is a "neutral"
policy--it doesn't state either way how mail should be handled.
Eventually we'll probably bump "?all" to a stricter "~all" aka
SoftFail,
which tells the receiving side that only mail coming from the listed subnets
is valid. Most ISPs will route 'other' mail to a spam folder based on
SoftFail.
Please bug me with any questions/comments!