On 29-10-2020 04:34, Rick Moen wrote: > Quoting Bernard Rosset via Dng (dng@lists.dyne.org): > >> It seems we're drifting away from the main subject. >> Count me in! > Roger that! Subject header tweaked. > >> ? >> If your emails are being refused by others, including major email >> hosters, I would kindly suggest you check you got at least correct >> SPF + DKIM entries. You can throw DMARC into the mix if you wish so, >> too. > Umm... > > As I already mentioned upthread, my domains' e-mail continue to have > very high deliverability. Those domains feature strongly asserted SPF > RRs in their auth DNS. > > However, by carefully considered local policy, I decline to also > implement DKIM/DMARC, considering those extensions to have been botched > in design and implementation by Yahoo, Inc. (DKIM seems to be the > keystone problem, there, particularly its hapless hostility to > MLM-mediated forwarding.) Empirically, I so far perceive no measurable > loss of host reputation from declining to implement DKIM/DMARC. > > I _do_ publish, in each of my domains' DNS, deliberately non-compliant > DMARC RRs, just to make my stance quite clear, e.g.: > > :r! dig -t txt _dmarc.linuxmafia.com @ns1.linuxmafia.com +short > "DMARC: tragically misdesigned since 2012. Check our SPF RR, instead." > > >> It's saddening to assess how little is known by the general public >> (including people who actually work on technical matters in IT) about >> key technologies, like DNS (the mother/father of all) or email. > True datum: When I began hosting my own SMTP smarthosts, I was still a > staff accountant (UK: chartered accountant) for a living, not a > sysadmin. Fortunately, nobody told me I couldn't do it, so it worked.
I do administer 3 different mailservers from which 1 does have the full package from spf, dkim and dmarc. In my experience dmarc does not add much of value but spf does. Dkim is much liked by isp's with strict spam policies. But those are still reachable without after some waiting time as long as you are not on a spam blocklist. A reverse dns record does help too. To ease the maintenance of those servers i intend to migrate them to docker containers. I wonder people on this list have experience on this subject? Grtz. Nick
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng