Re: @debian.org mail
We (debian/DSA) do not provide email hosting. We provide email
forwarding.
DSA should re-evaluate that.
We run into more and more problems sending from @debian.org email
addresses as the three big players in email ratchet up their anti-spam
measures.
They are hosting a huge share of our users' email and the same for
prospective contributors:
<https://daniel-lange.com/archives/150-Google-GMail-continues-to-own-the-email-market,-Microsoft-is-catching-up.html>
The default reply for missing wafer confirmation emails (the software
running debconf19.debconf.org) and missing salsa password reset emails
is "check your Spam folder". Debian.org doesn't have a SPF record so
mail submitted from such Debian machines is a bit in a limbo.
We have more people registered for DebConf ("the Debian Developers'
conference") with @gmail.com than @debian.org addresses.
Mail submitted from DD's private IPs frequently gets flagged as spam
regardless of content by all three big players and - if submitted via
IPv6 - refused directly by Google. Microsoft and Yahoo still run their
MXs IPv4 only. But we can expect a similar policy once they add IPv6
SMTPs at scale. And they won't warn us up-front.
The missing SPF record mentioned above means there is a lot of spam
circulating with @debian.org fake senders and obviously our open
submission policy on many mailing-lists and @debian.org technical
addresses also fan out quite some spam. So we're not the best netizens
we could be.
To do better, we should really offer SMTP submission/IMAP services for
@debian.org as soon as possible and - after a grace period - publish a
mx -all SPF record.
Google has added mailly and muffat to their internal
has-no-proper-SPF-policy-whitelist (thank you!). This will obviously
increase the problems for people not sending via Debian machines down
the road.
Which is why a few people - including me - now route outbound via these
Debian MX machines. That's a work-around for the technically inclined
but won't really scale.
People have tried mending the gap by offering accounts on their personal
infrastructure to fellow developers (and thanks for that Tollef and others).
We like people to use their @debian.org or @debconf.org email address
when reaching out to sponsors and suppliers as this adds (perceived)
credibility and (true) visibility. So we should make it easy for people
to use those email addresses.
Just maintaining the status-quo of email-forwarding only seems past its
useful life time.
Kind regards,
Daniel
P.S.: I have offered helping to run email services to DSA in the past.
I don't only complain. But DSA has the issue of them having to run
committed infrastructure in the end. So if - for example - the Salsa
team were not wanting to run salsa.debian.org anymore, DSA would end up
having to add this to their work load. This is why DSA need to
prioritize email regardless of who will set it up and run it initially.
Reply to: