> Reading the Internet and looking at actual public DNS records and email
> headers, there seem to be disagreements regarding the usage of things
> like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and
> have not been rediscussed recently.
> So far, I identified the following:
> - MUST: have a proper Reverse DNS
> - MUST: have a proper HELO/EHLO value (matching DNS)
> - MAY:  have SPF configured to announce official MTA
> - MAY:  have DKIM configured to sign outgoing emails
> - MAY:  have DMARC set with p=none             // many MTAs won't check
> - DONT: have DMARC set with p=(quarantine|reject)  // may break things
> What would be the recommendations from the OpenSMTPD project as of 2019
> when one wants to set up an MTA? Are those MUST/MAY/DONT correct? Are
> there more things to add to this checklist?
> Thank you.

No wonder there is no consensus: there's no "right" list, it depends for
the most part on the reputation of the sender (reputation being trickier
than just "IP reputation" as most people think) so different people will
have different experience of what works and what doesn't.

I will write an in-depth article describing my way of modeling this, but
in the meantime I'll tell you the following:

Today, SMTP exchanges rely on a proof of work.

Some recipient domains require a lot of work from senders, others won't,
and with that in mind your list of things to set up may differ depending
on who you are sending from, who you are sending to, the volumes of mails
you send, the type of mails you send, etc...

My very own minimal would be:
- have a dedicated IP address for mail with correct rDNS and fc-rDNS
- set up the MTA to support TLS (if needed, not the case on OpenSMTPD)
- set up the MTA to use an EHLO name matching DNS for the IP
- set up SPF
- set up DKIM

That would be my very very very very minimum requirements.
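
Added example, not part of the original message or of OpenSMTPD: a small Python check for the first and third items of the list above (rDNS, fc-rDNS, and an EHLO name matching DNS for the sending IP). The function names, the result keys and the sample records are assumptions made for illustration; the sample records use documentation address ranges and are constructed.

```python
import ipaddress
import socket

def norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.rstrip(".").lower()

def live_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def live_addrs(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def has_ip(ip, candidates):
    """Compare parsed addresses so IPv6 spelling differences do not matter."""
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(c) == want for c in candidates)

def check_mta_identity(ip, ehlo, ptr=live_ptr, addrs=live_addrs):
    """Check rDNS, forward-confirmed rDNS and the EHLO name for a sending IP."""
    ptr_names = [norm(n) for n in ptr(ip)]
    # fc-rDNS: a PTR name only counts if it resolves back to the same IP.
    confirmed = [n for n in ptr_names if has_ip(ip, addrs(n))]
    return {
        "rdns": bool(ptr_names),
        "fcrdns": bool(confirmed),
        "ehlo_resolves_to_ip": has_ip(ip, addrs(norm(ehlo))),
        "ehlo_is_confirmed_ptr": norm(ehlo) in confirmed,
    }

# Constructed sample records (documentation ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.25": ["mail.example.org."],
              "198.51.100.7": ["host7.isp.example."]}
SAMPLE_A = {"mail.example.org": ["192.0.2.25"],
            "host7.isp.example": ["203.0.113.9"],
            "mx.example.net": ["198.51.100.7"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_A.get(norm(name), [])
```

Calling `check_mta_identity(ip, ehlo)` without the last two arguments queries the system resolver instead of the sample records.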

