Re: Can we please refuse mail to the list from list addresses?

On Wed, Nov 28, 2007 at 03:04:48PM -0400, Marc G. Fournier wrote:
> Wait, I think we're talking two different things here ... at least, I hope JD 
> is ... SMTP AUTH is required to send email *through* any of our servers, except 

Aha.

> MX ... but, what Magnus was proposing would have required CMD to setup their 
> MTA to do an SMTP AUTH to postgresql.org's MTA to send @postgresql.org ...

Well, this is possible, but it does make the mail server admin rather more
troublesome.

> 
> ie. if joshua@postgresql.org sent out email, it would deliver to his local MTA, 
> with his local MTA connecting to postgresql.org MTA, who would then deliver it 
> out to the world ...

Right.  In the anti-spam world these days, very few people are doing reverse
matching (that is, very few people compare the reverse lookup of the From:
address to the domain of the MTA whence the mail is coming).  It'll be
interesting to see what happens as SPF or DKIM -- the two loaded foot-guns
of the mail world -- take off, because then signing practices will start to
be important, and I suspect we'll find that mail not signed with the right
keys will all be classed as spam anyway.  So then you'll _have_ to use the
domain's own mail servers, or things won't be signed correctly (because I
assume that we're not going to be sharing the server's private keys widely
:-)  

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke