[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Gmail bounce unauthenticated @debian.org addresses

On Fri, 2022-03-04 at 15:45 +0100, Baptiste Beauplat wrote:
> However for SPF, if I'm not mistaken, this is not possible for
> @debian.org addresses since Debian does not offers an MSA and
> therefor not a single (or enumerable list of) exit point.

Using SPF would be possible. Gentoo does that:

  gentoo.org. IN TXT "v=spf1 [...] include:%{l}.%{o}.spf.gentoo.org ?all"

and their users can then add SPF entries for individual localparts.

But either way is quite complicated for "just" using a mail address for
outgoing mail.

Also some infrastructure in Debian will break DKIM signatures. For
example, bugs.debian.org (always) and lists.debian.org (sometimes, for
example when List-* header fields are part of the DKIM signature). So
one can't rely on valid SPF/DKIM anyway and, as far as I understand,
rely on debian.org infrastructure being on providers' whitelists
instead (as it "impersonates" other domains in mail sender addresses).

Ansgar
Reply to: