[Owasp-board] SPF records added for lists.owasp.org

Kelly kelly.santalucia at owasp.org
Sat Feb 22 15:33:28 UTC 2014


Thanks Matt 

Sent from my iPhone

On Feb 22, 2014, at 1:45 AM, Matt Tesauro <matt.tesauro at owasp.org> wrote:

> After an email conversation with Lucas Ferreira about some complaints he had from "people" complaining about being forcibly added to an OWASP list, I went ahead and added SPF records [1] for lists.owasp.org.
> 
> Looking into the two addresses he sent me, both showed a couple email requests to unsubscribe but neither was a member of any list on our Mailman install.
> 
> On the off chance someone was spoofing email from lists.owasp.org, I set up the SPF record and confirmed it is available and passes checks - using an SPF verification site [2] as well as sending a test post to a list and looking at the reply headers:
> [snip]
> Received-SPF: pass (google.com: domain of openstack_security_project-bounces at lists.owasp.org designates 162.209.12.188 as permitted sender) client-ip=162.209.12.188;
> [snip]
> 
> I don't expect any negative impacts on legit users of our lists but wanted to let you know in case someone has problems, notices the SPF addition or asks.
> 
> Cheers!
> 
> [1] http://en.wikipedia.org/wiki/Sender_Policy_Framework
> 
> [2] http://mxtoolbox.com/SuperTool.aspx?action=spf%3alists.owasp.org&run=toolpage
> 
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
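
The header check described in the quoted message can be scripted. The following is an added example, not part of the original post or of OWASP's tooling: it parses every `Received-SPF` header in a message (layout per RFC 7208 section 9.1) and lists the hops where a given domain did not pass. The sample message, the `list-bounces` local part, the softfail hop and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (not taken from the archive). The first header
# mirrors the one quoted in the post; the softfail hop is invented.
SAMPLE = """\
Received-SPF: pass (google.com: domain of list-bounces@lists.owasp.org
 designates 162.209.12.188 as permitted sender) client-ip=162.209.12.188;
Received-SPF: softfail (mx.example.net: domain of transitioning
 someone@lists.owasp.org does not designate 203.0.113.7 as permitted sender)
 client-ip=203.0.113.7;
From: list@lists.owasp.org
Subject: test post

body
"""

# RFC 7208 section 9.1: result, optional (comment), then key=value pairs.
HEADER_RE = re.compile(
    r"^(?P<result>pass|fail|softfail|neutral|none|temperror|permerror)\b"
    r"\s*(?:\((?P<comment>[^)]*)\))?(?P<rest>.*)$", re.I)
KV_RE = re.compile(r"([A-Za-z][\w.-]*)\s*=\s*(\"[^\"]*\"|[^;\s]+)")
DOMAIN_RE = re.compile(r"domain of (?:transitioning\s+)?(\S+)", re.I)

def spf_results(raw_message):
    """Return one dict per Received-SPF header, in the order they appear."""
    out = []
    for value in message_from_string(raw_message).get_all("Received-SPF", []):
        flat = " ".join(value.split())  # undo header folding
        m = HEADER_RE.match(flat)
        if not m:
            out.append({"result": "unparseable", "raw": flat})
            continue
        dom = DOMAIN_RE.search(m.group("comment") or "")
        fields = {k.lower(): v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        out.append({"result": m.group("result").lower(),
                    "domain": dom.group(1).rsplit("@", 1)[-1].lower() if dom else None,
                    "client_ip": fields.get("client-ip")})
    return out

def non_passing(raw_message, domain):
    """Hops where mail claiming `domain` got any SPF result other than pass."""
    return [r for r in spf_results(raw_message)
            if r.get("domain") == domain and r["result"] != "pass"]

if __name__ == "__main__":
    for hop in non_passing(SAMPLE, "lists.owasp.org"):
        print(hop)
```

The sender domain is read from the receiver's free-form comment, which is a convention of some receivers rather than a required field, so a header without it yields `domain: None` and is skipped by `non_passing`.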