From 38fb7adba38b668fd62b1eb8fe92cec4b5974035 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 13 Dec 2022 17:52:28 +0100 Subject: Remove note that Fripost doesn't use DNSSEC. Our zone has been authenticated since mid September 2021. --- e-post/doman.mdwn | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn index 4c153db..c20a76c 100644 --- a/e-post/doman.mdwn +++ b/e-post/doman.mdwn @@ -275,10 +275,9 @@ Here `example.org` is merely copying Fripost's policy. Here the policy says that mails `@example.org` should PASS if they're being accepted by Fripost's policy, that is if the sender host is `outgoing.fripost.org` and FAIL otherwise (where Fripost's policy would -return NEUTRAL). Note however that DNS is spoofable, and as -unfortunately Fripost doesn't use DNSSEC at the moment, an attacker -could for instance poison the DNS cache and fake the reply for -`outgoing.fripost.org`'s TXT record. +return NEUTRAL). Note however that DNS is spoofable, and if the +`example.org` zone isn't authenticated then an attacker could poison the +DNS cache resulting in a malicious SPF policy. example.org IN TXT "v=spf1 a include:outgoing.fripost.org -all" -- cgit v1.2.3