On Wed 03/04 11:36, Gilles Chehade wrote: > On Tue, Apr 02, 2019 at 01:02:20PM +0200, Joel Carnat wrote: > > Hi, > > > > Hi, > > > Reading the Internet and looking at actual public DNS records and email > > headers, there seem to be disagreements regarding the usage of things > > like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and > > have not been rediscussed recently. > > > > So far, I identified the followings: > > - MUST: have a proper Reverse DNS > > - MUST: have a proper HELO/EHLO value (matching DNS) > > - MAY: have SPF configured to announce official MTA > > - MAY: have DKIM configured to sign outgoing emails > > - MAY: have DMARC set with p=none // many MTA won't check > > - DONT: have DMARC set with p=(quarantine|reject) // may break things > > > > What would be the recommandations from the OpenSMTPD project as of 2019 > > when one want to setup an MTA? Are those MUST/MAY/DONT correct? Are > > there more things to add to this checklist? > > > > Thank you. > > > > No wonder there is no consensus: there's no "right" list, it depends for > the most part on the reputation of the sender (reputation being trickier > than just "IP reputation" as most people think) so different people will > have different experience of what works and what doesn't. > > I will write an in-depth article describing my way of modeling this, but > in the mean time I'll tell you the following: > > Today, SMTP exchanges rely on a proof of work. > > Some recipient domains require a lot of work from senders, others won't, > and with that in mind your list of things to setup may differ on who you > are sending from, who you are sending to, the volumes of mails you send, > the type of mails you send, etc... > > My very own minimal would be: > - have a dedicated IP address for mail with correct rDNS and fc-rDNS > - setup the mta to support TLS (if needed, not the case on OpenSMTPD) > - setup the mta to use a EHLO name matching DNS for the IP > - setup SPF > - setup DKIM > > That would be my very very very very minimum requirements.
Great. Thanks! -- You received this mail because you are subscribed to firstname.lastname@example.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org