[Owasp-board] SPF records added for lists.owasp.org
kelly.santalucia at owasp.org
Sat Feb 22 15:33:28 UTC 2014
Sent from my iPhone
On Feb 22, 2014, at 1:45 AM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> After an email conversation with Lucas Ferreira about some complaints he had from "people" complaining about being force-ably added to an OWASP list, I went ahead and added SPF records  for lists.owasp.org.
> Looking into the two address he sent me, both showed a couple email requests to unsubscribe but neither were a member of any list on our Mailman install.
> On the off chance, someone was spoofing email from lists.owasp.org, I setup the SPF record and confirmed it is available and passes checks - using a SPF verification site  as well as sending a test post to a list and looking at the reply headers:
> Received-SPF: pass (google.com: domain of openstack_security_project-bounces at lists.owasp.org designates 184.108.40.206 as permitted sender) client-ip=220.127.116.11;
> I don't expect any negative impacts on legit users of our lists but wanted to let you know in case someone has problems, notices the SPF addition or asks.
>  http://en.wikipedia.org/wiki/Sender_Policy_Framework
>  http://mxtoolbox.com/SuperTool.aspx?action=spf%3alists.owasp.org&run=toolpage
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board