Change to Mail Infrastructure - SPF and DKIM verification will now be enforced

Valorie Zimmerman valorie.zimmerman at gmail.com
Thu Dec 10 10:04:48 GMT 2015


I just submitted a request to Ubuntu to upgrade their list infra. I
showed Ben a sample email header and they were not compliant. I
included a link to Ben's explanatory post:
http://marc.info/?l=kde-core-devel&m=144956641505429&w=1

It took less than five minutes to file the ticket.

All the best,

Valorie

On Wed, Dec 9, 2015 at 3:22 AM, Boudhayan Gupta <bgupta at kde.org> wrote:
> Hi all,
>
> I'm going recount a personal experience here. I have my own domain
> (BaloneyGeek.com) and I use Google Apps for Business for my E-Mail.
>
> A couple of months ago I shifted DNS providers and took the
> opportunity to properly set up E-Mail verification and signing. Using
> Google's documentation, I enabled SPF, and then tested. Then I enabled
> DKIM and tested.
>
> So far, everything was fine.
>
> Then I enabled DMARC and all hell broke loose. Even though Google's
> configuration checker gave me a green tick on DMARC configuration, I
> couldn't send mail to any non Google-handled e-mail ID, without it
> being sent to spam. I know this because I tested with one Windows Live
> Mail (or whatever they call it these days) account and one Yahoo
> account. Both of them had a history of receiving e-mails from me.
>
> I would also get an XML file delivered to my inbox from every single
> e-mail server that handled my mail, with stats of how many mails they
> handled, how many passed auth, how many failed and how many were sent
> to spam. Apart from the annoyance of receiving tens of these mails per
> day, I noted that every single provider (other than Google) was
> failing auth on all my mails and sending them to spam.
>
> I dug around multiple docs (including RFC 7489, Google's docs, etc)
> and couldn't find any configuration errors I'd made.
>
> In they end I had to roll back DMARC (which took two days to propagate
> across all DNS caches, btw), while keeping SPF and DKIM enabled.
> Everything has been fine since then.
>
> So here's my two cents - SPF **should** always be enabled, that's the
> bare minimum you can do. DKIM enforces SPF using signing, so if you
> guys can implement that well, awesome. But be very careful when
> dealing with DMARC. From what I saw when I tried to set it up, no
> e-mail provider other than Google knows what to do with it.
>
> -- Boudhayan



-- 
http://about.me/valoriez




More information about the kde-core-devel mailing list