On Friday, March 4, 2022 9:15:59 AM EST Baptiste Beauplat wrote: > > > >> mentors.debian.net with the following message: > > Can you please share the complete headers of the bounced message? Aka > > the thing in the message/rfc822 part of the DSN message. Right now we > > don't know what they see from your explanation. > > I'm attached the bounce. > > Am I mistaken in thinking that's only a case of simply rejecting > unsigned DKIM email? I've just gone through the process of securing email with Google so I might be able to help a bit. Google uses a number of criteria when blocking. A missing DKIM is just one. See the referenced document: https://support.google.com/mail/answer/81126 One of the problems here is that mentors.debian.net does not have the standard email security DNS records - SPF, DKIM, DMARC, MTA-TLS, DANE. This doesn't automatically cause Google to classify as spam but we really should have these in place to protect email. As an example, we may be spoofing mentors.debian.net with wv-debian- mentors1.wavecloud.de (not 100% clear with the headers provided). SPF could handle this. -- JP
Attachment:
signature.asc
Description: This is a digitally signed message part.