[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Authentication failure reports (DNS/SPF/DMARC) - tracker.debian.org


William Desportes writes:
> I receive DMARC reports about emails sent from the Debian tracker or
> another server.
> I think that you use your internal email servers to send emails to other
> services using my domain name. And because you are not listed in my SPF
> field I have reports sent to me. (I am unsure about the explanation)

That is correct.  Several Debian services are sending mail using the
maintainer address or submitter address (for bug reports) as the "From"
field in mails.  We cannot expect people to list Debian's mail servers
in their SPF record and not all mails have DKIM signatures (and some of
Debian's services like the bug tracker invalidate DKIM signatures by
modifying the mail).

> I had a look to the db page and you have 2 public mail servers. Do I
> need to add them to my SPF TXT DNS field ?

I think with SPF/DKIM/DMARC it is slowly getting time for Debian to stop
using mail addresses in "From" that Debian doesn't directly control.

> From: William Desportes <williamdes@wdes.fr>
> Subject: Accepted phpmyadmin 4:4.2.12-2+deb8u8 (source all) into oldoldstable

For the concrete case of mail generated by the Debian archive, I've been
considering to change the sender addresses to something like

  From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
  From: Debian Archive <noreply@ftp-master.d.o>


  From: Maintainer Name via Debian Archive <noreply@ftp-master.d.o>

and maybe set

  Reply-To: Maintainer Name <maintainer@example.com>

I'm not sure about other services, but I know several mailing lists have
started to change "From" to something like

  From: Some Name via Some List <somelist@lists.example.com>

Maybe other services like the bug tracker could also use such a scheme.


Reply to: