Re: @debian.org mail
Marco d'Itri <md@Linux.IT> writes:
> On Jun 03, Russ Allbery <rra@debian.org> wrote:
>> A possibly useful compromise is to do what Marco suggested: publish SPF
>> records for domains like lists.debian.org, where all the mail is coming
>> from Debian infrastructure.  That can easily be -all.  And then at
>> least we have the option of moving some of the most important official
>> mail messages (password reset links and so forth) to a subdomain with
>> -all SPF records, without affecting the flow of @debian.org mail.
> I have never suggested using -all because we are discussing improving
> deliverability issues and -all cannot do this.  -all would stop some
> forged emails, but we do not have forged email issues.

Right, sorry, I should have been clearer that DKIM should be the top
priority rather than worrying about SPF, since that will do the most to
directly improve our sender reputation.  The point that you raised was
using subdomains, which I think is by far the easiest way to proceed.
debian.org itself is a complicated problem, but we can do a lot for, say,
lists.debian.org or bugs.debian.org by adding DKIM signing without
tackling that problem.

That said, it has been my anecdotal experience that adding restrictive
DMARC or SPF policies does help with sender reputation somewhat, but I
haven't tested this in any scientific way and it may be that I was
confusing correlation with causation.
-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
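
Added example, not part of the original message or of Debian's configuration: the subdomain approach discussed above works because SPF is looked up at the exact sender domain and nothing is inherited from the parent, so a -all record on a subdomain leaves the parent's mail flow alone. The sketch below computes the result SPF gives a sender that matches none of a domain's listed mechanisms; the zone data, the example.org names and the function spf_default are assumptions constructed for illustration.

```python
# Constructed TXT data: example.org and 192.0.2.0/24 are placeholders,
# not Debian's real DNS records.
ZONE = {
    "example.org": ["v=spf1 ip4:192.0.2.0/24 ?all"],
    "lists.example.org": ["v=spf1 ip4:192.0.2.10 -all"],
    "bugs.example.org": ["unrelated txt", "v=spf1 redirect=lists.example.org"],
    "people.example.org": ["v=spf1 ip4:192.0.2.20"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_default(domain, zone=ZONE, depth=0):
    """SPF result for a sender that matches no listed mechanism of `domain`."""
    if depth > 10:  # RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    records = [t for t in zone.get(domain.lower(), [])
               if t.lower().split(" ")[0] == "v=spf1"]
    if not records:
        return "none"       # exact-name lookup only: nothing is inherited
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    redirect = None
    for term in records[0].lower().split()[1:]:
        has_qualifier = term[0] in QUALIFIERS
        name = term[1:] if has_qualifier else term
        if name == "all":   # terms after "all" are never reached
            return QUALIFIERS[term[0] if has_qualifier else "+"]
        if term.startswith("redirect="):
            redirect = term[len("redirect="):]
    if redirect:            # only consulted when no "all" was present
        result = spf_default(redirect, zone, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"        # a record with no "all" ends as neutral


if __name__ == "__main__":
    for name in list(ZONE) + ["www.example.org"]:
        print(f"{name:22} {spf_default(name)}")
```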