On 2018-12-01 06:29:44 +0800 (+0800), Paul Wise wrote: > On Fri, 2018-11-30 at 17:17 -0500, Alexandre Viau wrote: > > > DMARC, SPF and DKIM can be used together prevent almost all > > scenarios of debian.org email spoofing. > > Which spoofing scenarios are not covered by this combination?
Compromise of the cryptographic keys or primitives in use, compromise of the authorized MTAs, compromise of the sender's SMTP submission account, compromise of the sender's MUA/system, and biggest of all of course is recipients who don't validate SPF/DKIM. -- Jeremy Stanley
signature.asc
Description: PGP signature