On Friday, March 4, 2022 10:14:09 AM EST Ansgar wrote:
> On Fri, 2022-03-04 at 15:45 +0100, Baptiste Beauplat wrote:
> > However for SPF, if I'm not mistaken, this is not possible for
> > @debian.org addresses since Debian does not offer an MSA and
> > therefore not a single (or enumerable list of) exit point.
>
> Using SPF would be possible. Gentoo does that:
>
> gentoo.org. IN TXT "v=spf1 [...] include:%{l}.%{o}.spf.gentoo.org ?all"
>
> and their users can then add SPF entries for individual localparts.
>
> But either way is quite complicated for "just" using a mail address for
> outgoing mail.
>
> Also some infrastructure in Debian will break DKIM signatures. For
> example, bugs.debian.org (always) and lists.debian.org (sometimes, for
> example when List-* header fields are part of the DKIM signature). So
> one can't rely on valid SPF/DKIM anyway and, as far as I understand,
> rely on debian.org infrastructure being on providers' whitelists
> instead (as it "impersonates" other domains in mail sender addresses).

There are standard best practices for forwarding support in SPF.

http://www.open-spf.org/Best_Practices/Forwarding/

-- JP
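
The per-localpart `include:` in the quoted Gentoo record relies on SPF macro expansion (RFC 7208, section 7). The following Python function is an added example, not part of the thread and not Gentoo's or Debian's tooling; it shows which DNS name a receiver would query for a given envelope sender. The sender addresses and client IP are constructed, and only IPv4 and the macro letters s, l, o, d, i, v and h are handled.

```python
import re
from urllib.parse import quote

# RFC 7208 section 7: %{<letter><digits><r><delimiters>} plus the literals %%, %_ and %-
_MACRO = re.compile(r"%(?:\{([A-Za-z])(\d*)([rR]?)([.\-+,/_=]*)\}|([%_\-]))")

def expand_spf_macros(spec, sender, ip, domain=None, helo="unknown"):
    """Expand SPF macros in a domain-spec for one SMTP transaction (IPv4 only)."""
    local, _, sender_domain = sender.rpartition("@")
    values = {
        "s": sender,
        "l": local or "postmaster",      # empty local part defaults to postmaster
        "o": sender_domain,
        "d": domain or sender_domain,    # domain whose record is being evaluated
        "i": ip,
        "v": "in-addr",
        "h": helo,
    }

    def substitute(match):
        letter, digits, reverse, delims, literal = match.groups()
        if literal:
            return {"%": "%", "_": " ", "-": "%20"}[literal]
        if letter.lower() not in values:
            raise ValueError(f"unsupported macro letter: {letter}")
        # Split on the listed delimiters (default "."), then rejoin with "."
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if reverse:
            parts.reverse()
        if digits:
            if int(digits) == 0:
                raise ValueError("digit transformer must be at least 1")
            parts = parts[-int(digits):]   # keep the right-hand N parts
        expanded = ".".join(parts)
        # Uppercase macro letters request URL escaping of the result
        return quote(expanded, safe="") if letter.isupper() else expanded

    return _MACRO.sub(substitute, spec)

if __name__ == "__main__":
    # Constructed senders and client address (192.0.2.0/24 is documentation space)
    spec = "%{l}.%{o}.spf.gentoo.org"
    for sender in ("alice@gentoo.org", "bob@gentoo.org"):
        print(sender, "->", expand_spf_macros(spec, sender, "192.0.2.3"))
```

Each local part expands to its own name under `spf.gentoo.org`, which is where an individual user's SPF record would be published.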