On 3/4/22 15:41, LeJacq, Jean Pierre wrote: > Google uses a number of criteria when blocking. A missing DKIM is just one. > See the referenced document: > > https://support.google.com/mail/answer/81126 > > One of the problems here is that mentors.debian.net does not have the > standard > email security DNS records - SPF, DKIM, DMARC, MTA-TLS, DANE. This doesn't > automatically cause Google to classify as spam but we really should have > these > in place to protect email. > > As an example, we may be spoofing mentors.debian.net with wv-debian- > mentors1.wavecloud.de (not 100% clear with the headers provided). SPF could > handle this.
Indeed we are looking into it for mentors. However for SPF, if I'm not mistaken, this is not possible for @debian.org addresses since Debian does not offers an MSA and therefor not a single (or enumerable list of) exit point. -- Baptiste Beauplat - lyknode
