libravatar-fans team mailing list archive

DNS changes for mail domain

 

Hello,

our mail domain (libravatar.org) is hosted by systemausfall.org (see [1]).

Due to upcoming changes of the setup I was asked to modify our DNS records.


# SPF record

The current value of our SPF record is:

 "v=spf1 mx include:_spf.google.com include:mailgun.org +a ~all"

(see `dig +short TXT libravatar.org | grep v=spf`)

The new value should be:

 "v=spf1 mx include:_spf.google.com include:mailgun.org
 include:mail.senselab.org +a ~all"

This would allow mails to pass the SPF test, if they originate from the
systemausfall.org mail server.
Previously the systemausfall.org SPF rules were not included at all, but this
did not hurt, since outgoing automated emails (to users) are emitted via
mailgun.
Outgoing mail from personal accounts (see [2]) would indeed benefit from the
changed SPF record. But these personal accounts are probably rarely used for
sending emails.


# DMARC policy

Currently we do not define a DMARC policy.

In theory this is not a problem.
But in reality many mail servers seem to treat the existence of a DMARC record
as a sign of a non-spam domain.

Thus, I would recommend adding the following DMARC policy:

 "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@xxxxxxxxxxxx";

This defines a "none" policy. Thus, mails are not supposed to be treated badly
in case of a failed DMARC evaluation.
(we do not use DKIM, thus our DMARC tests always fail)


I would change these DNS entries in a few days, if no one has objections.

Cheers,
Lars


[1] https://wiki.libravatar.org/infrastructure/mail_domain/
[2] https://wiki.libravatar.org/infrastructure/mail_domain/#index3h1
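
An offline check of the records quoted in this message, added here as an example (it is not part of the original mail or of the Libravatar project): it parses both SPF values, lists the term the change adds, counts the top-level terms that cost a DNS query, and parses the DMARC tags. The report address `dmarc-reports@example.org` is a placeholder, because the archive redacts the real one.

```python
# Constructed inputs: the TXT values quoted in the mail above.
OLD_SPF = "v=spf1 mx include:_spf.google.com include:mailgun.org +a ~all"
NEW_SPF = ("v=spf1 mx include:_spf.google.com include:mailgun.org "
           "include:mail.senselab.org +a ~all")
# Placeholder address (assumption): the real one is redacted in the archive.
DMARC = "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@example.org"

# Terms that cost a DNS query; RFC 7208 section 4.6.4 caps them at 10 in total.
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return (terms, lookups); each term is (result, name, value)."""
    words = record.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms, lookups = [], 0
    for word in words[1:]:
        qual, body = (word[0], word[1:]) if word[0] in QUALIFIERS else ("+", word)
        if "=" in body.split(":")[0]:            # modifier, e.g. redirect=...
            name, _, value = body.partition("=")
        else:                                    # mechanism, e.g. include:...
            name, _, value = body.partition(":")
            name = name.split("/")[0]            # "a/24" -> "a"
        name = name.lower()
        if name in LOOKUP_TERMS:
            lookups += 1   # top level only; nested includes add more at runtime
        terms.append((QUALIFIERS[qual], name, value))
    return terms, lookups

def added_terms(old, new):
    """Terms present in the new record but not in the old one."""
    old_terms = parse_spf(old)[0]
    return [t for t in parse_spf(new)[0] if t not in old_terms]

def parse_dmarc(record):
    """Split a DMARC record into its tags and check version and policy."""
    tags = {}
    for part in record.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in {"none", "quarantine", "reject"}:
        raise ValueError("invalid DMARC record")
    return tags

if __name__ == "__main__":
    print("added:", added_terms(OLD_SPF, NEW_SPF))
    print("top-level DNS-querying terms:", parse_spf(NEW_SPF)[1], "of 10 allowed")
    print("DMARC tags:", parse_dmarc(DMARC))
```

The lookup count covers only the record's own terms; records pulled in through `include:` add their own queries to the same limit of 10 when a receiver evaluates them.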

