Re: @debian.org mail
Sam Hartman writes ("Re: @debian.org mail"):
> But more than that, you don't need the SPF record. Debian could pay
> to get on one of the white lists, we could use some services like
> Amazon SES, we could possibly get a good enough dkim reputation that
> we don't need to do any of the above.
Debian should certainly not pay to get on some white list. Nor should
we use some service whose primary purpose is gatekeeping.
> My point is that from experience, the SPF record will totally cripple
> people wanting to use their own infrastructure even worse than we see
> today.
>
> I absolutely agree with the idea of improving Debian's email reputation.
There are two things that are "wrong" with Debian's email reputation:
1. Some proprietary mail scanning systems used by corporates do not
experience enough mail from Debian's own servers, and therefore reckon
that some DSA-run email servers are not proper mail hosts.
security@d.o cannot email my work email address, and neither can I
from my own colo.
2. We have not published mail restriction DNS RRs. Some people seem
to think that this is a bad thing.
3. Some big services have other shitty heuristics which misclassify
mail from @debian.org users.
We cannot fix (2) without breaking the use case you talk about. We
cannot fix (1) because it is corporate stupidity.
We may be able to improve (3) but we should be careful not to do so in
a way that is not available to operators of other legitimate private
mail domains.
Debian is in a better position than most to resist the hegemony of an
oligopoly of unaccountable email providers. We should use our
political power, such as it is.
Ian.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: