On Wed 03/04 11:36, Gilles Chehade wrote:
> On Tue, Apr 02, 2019 at 01:02:20PM +0200, Joel Carnat wrote:
> > Hi,
> > 
> 
> Hi,
> 
> > Reading the Internet and looking at actual public DNS records and email
> > headers, there seem to be disagreements regarding the usage of things
> > like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and
> > have not been rediscussed recently.
> > 
> > So far, I identified the followings:
> > - MUST: have a proper Reverse DNS
> > - MUST: have a proper HELO/EHLO value (matching DNS)
> > - MAY:  have SPF configured to announce official MTA
> > - MAY:  have DKIM configured to sign outgoing emails
> > - MAY:  have DMARC set with p=none             // many MTA won't check
> > - DONT: have DMARC set with p=(quarantine|reject)  // may break things
> > 
> > What would be the recommandations from the OpenSMTPD project as of 2019
> > when one want to setup an MTA? Are those MUST/MAY/DONT correct? Are
> > there more things to add to this checklist?
> > 
> > Thank you.
> > 
> 
> No wonder there is no consensus: there's no "right" list, it depends for
> the most part on the reputation of the sender (reputation being trickier
> than just "IP reputation" as most people think) so different people will
> have different experience of what works and what doesn't.
> 
> I will write an in-depth article describing my way of modeling this, but
> in the mean time I'll tell you the following:
> 
> Today, SMTP exchanges rely on a proof of work.
> 
> Some recipient domains require a lot of work from senders, others won't,
> and with that in mind your list of things to setup may differ on who you
> are sending from, who you are sending to, the volumes of mails you send,
> the type of mails you send, etc...
> 
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS
> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)
> - setup the mta to use a EHLO name matching DNS for the IP
> - setup SPF
> - setup DKIM
> 
> That would be my very very very very minimum requirements.

Great. Thanks!

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to