Heho, > Thanks for this. I tried it a few days ago (I think because you > posted it to opensmtpd-misc? :-) Yeah, also shared it there, hoping for more motivation to implement DANE/MTA-STS in OpenSMTPd. Next escalation step is releasing code i wrote for other projects and threatening to send patches. ;-P
> and without doing anything my ‘score’ went from 7 to 8 since I last > checked! At this rate I expect a 10 by Friday. Unlikely ;-) But i got more lenient with DKIM headers, which might have improved your score. > Is DNSSEC-signing PTR records common? Will it affect delivery in > practice? I doubt that it affects deliverability in any way (if, at all, negatively, if DNSSEC breaks... which... well.) The test mostly works from a 'perfect world' perspective, and there, of course, everything DNS would be DNSSEC signed. ;-) > One confusing UI thing: under ‘DMARC’, the ‘(default)’ is either > in error or its meaning unclear: > > adkim s (default) (plain-text; OPTIONAL; default is "r".) > … > aspf s (default) (plain-text; OPTIONAL; default is "r".) > … > fo 1 (default) … (plain-text; OPTIONAL; default is > "0"). Thanks for catching that; Found and fixed. :-) Pushing when i am through all the feedback. With best regards, Tobias _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop