[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Gmail bounce unauthenticated @debian.org addresses

On Friday, March 4, 2022 10:14:09 AM EST Ansgar wrote:
> On Fri, 2022-03-04 at 15:45 +0100, Baptiste Beauplat wrote:
> > However for SPF, if I'm not mistaken, this is not possible for
> > @debian.org addresses since Debian does not offers an MSA and
> > therefor not a single (or enumerable list of) exit point.
> 
> Using SPF would be possible. Gentoo does that:
> 
>   gentoo.org. IN TXT "v=spf1 [...] include:%{l}.%{o}.spf.gentoo.org ?all"
> 
> and their users can then add SPF entries for individual localparts.
> 
> But either way is quite complicated for "just" using a mail address for
> outgoing mail.
> 
> Also some infrastructure in Debian will break DKIM signatures. For
> example, bugs.debian.org (always) and lists.debian.org (sometimes, for
> example when List-* header fields are part of the DKIM signature). So
> one can't rely on valid SPF/DKIM anyway and, as far as I understand,
> rely on debian.org infrastructure being on providers' whitelists
> instead (as it "impersonates" other domains in mail sender addresses).

There are standard best practices for forwarding support in SPF.

http://www.open-spf.org/Best_Practices/Forwarding/

-- 
JP
Reply to: