[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: @debian.org mail



We (debian/DSA) do not provide email hosting. We provide email
forwarding.

DSA should re-evaluate that.

We run into more and more problems sending from @debian.org email addresses as the three big players in email ratchet up their anti-spam measures.

They are hosting a huge share of our users' email and the same for prospective contributors:
<https://daniel-lange.com/archives/150-Google-GMail-continues-to-own-the-email-market,-Microsoft-is-catching-up.html>

The default reply for missing wafer confirmation emails (the software running debconf19.debconf.org) and missing salsa password reset emails is "check your Spam folder". Debian.org doesn't have a SPF record so mail submitted from such Debian machines is a bit in a limbo.

We have more people registered for DebConf ("the Debian Developers' conference") with @gmail.com than @debian.org addresses.

Mail submitted from DD's private IPs frequently gets flagged as spam regardless of content by all three big players and - if submitted via IPv6 - refused directly by Google. Microsoft and Yahoo still run their MXs IPv4 only. But we can expect a similar policy once they add IPv6 SMTPs at scale. And they won't warn us up-front. The missing SPF record mentioned above means there is a lot of spam circulating with @debian.org fake senders and obviously our open submission policy on many mailing-lists and @debian.org technical addresses also fan out quite some spam. So we're not the best netizens we could be.

To do better, we should really offer SMTP submission/IMAP services for @debian.org as soon as possible and - after a grace period - publish a mx -all SPF record.

Google has added mailly and muffat to their internal has-no-proper-SPF-policy-whitelist (thank you!). This will obviously increase the problems for people not sending via Debian machines down the road. Which is why a few people - including me - now route outbound via these Debian MX machines. That's a work-around for the technically inclined but won't really scale.

People have tried mending the gap by offering accounts on their personal infrastructure to fellow developers (and thanks for that Tollef and others).

We like people to use their @debian.org or @debconf.org email address when reaching out to sponsors and suppliers as this adds (perceived) credibility and (true) visibility. So we should make it easy for people to use those email addresses.

Just maintaining the status-quo of email-forwarding only seems past its useful life time.

Kind regards,
Daniel

P.S.: I have offered helping to run email services to DSA in the past.
I don't only complain. But DSA has the issue of them having to run committed infrastructure in the end. So if - for example - the Salsa team were not wanting to run salsa.debian.org anymore, DSA would end up having to add this to their work load. This is why DSA need to prioritize email regardless of who will set it up and run it initially.


Reply to: