On Fri, 2022-03-04 at 15:45 +0100, Baptiste Beauplat wrote:
> However for SPF, if I'm not mistaken, this is not possible for
> @debian.org addresses since Debian does not offers an MSA and
> therefor not a single (or enumerable list of) exit point.
Using SPF would be possible. Gentoo does that:
gentoo.org. IN TXT "v=spf1 [...] include:%{l}.%{o}.spf.gentoo.org ?all"
and their users can then add SPF entries for individual localparts.
But either way is quite complicated for "just" using a mail address for
outgoing mail.
Also some infrastructure in Debian will break DKIM signatures. For
example, bugs.debian.org (always) and lists.debian.org (sometimes, for
example when List-* header fields are part of the DKIM signature). So
one can't rely on valid SPF/DKIM anyway and, as far as I understand,
rely on debian.org infrastructure being on providers' whitelists
instead (as it "impersonates" other domains in mail sender addresses).
Ansgar
