[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Gmail bounce unauthenticated @debian.org addresses



On Friday, March 4, 2022 9:45:21 AM EST Baptiste Beauplat wrote:
> On 3/4/22 15:41, LeJacq, Jean Pierre wrote:
> > Google uses a number of criteria when blocking. A missing DKIM is just
> > one.
> > See the referenced document:
> > 
> > https://support.google.com/mail/answer/81126
> > 
> > One of the problems here is that mentors.debian.net does not have the
> > standard email security DNS records  - SPF, DKIM, DMARC, MTA-TLS, DANE.
> > This doesn't automatically cause Google to classify as spam but we really
> > should have these in place to protect email.
> > 
> > As an example, we may be spoofing mentors.debian.net with wv-debian-
> > mentors1.wavecloud.de (not 100% clear with the headers provided). SPF
> > could
> > handle this.
> 
> Indeed we are looking into it for mentors.
> 
> However for SPF, if I'm not mistaken, this is not possible for
> @debian.org addresses since Debian does not offers an MSA and therefor
> not a single (or enumerable list of) exit point.

SPF can handle delegation like this without too much trouble.

-- 
JP




Reply to: