[AlternC-dev] After DKIM, let's DMARC & SPF ?


Remi remi+tech at b6.be
Thu 18 Jun 22:45:22 CEST 2015


On Wed, 17 Jun 2015, Benjamin Sonntag wrote:

|Hi all,
|
|since AlternC 3.1, we are automatically publishing DNS records and signing with DKIM emails sent by the server, for domains where we host DNS and EMAIL locally.
|
|Thanks to TXT records in advanced subdomains, we also can declare SPF records through the web interface, but one needs to do it, and to know what SPF is.
|
|Since it is more and more required by big email providers such as Google, Hotmail/Microsoft and Yahoo, I propose that we also declare SPF and DMARC records automatically from 3.1.7 / 3.2.7
|
|My proposal is as follows:
|
|- we declare 2 new variables : default_spf_value and default_dmarc_value, that can have some substitutions like %%DOMAIN%% %%ADMINMAIL%% %%USERMAIL%%...
|- we add hooks on set_variable so that we can propagate changes when we change a variable
|- the email class would have a function called for one or every domain in the following hooks:
|  hook_add_mx_domain hook_del_mx_domain hook_variable_set
|that would create or update or delete TXT records in sub_domaines accordingly,
|- the hooks would NOT update the SPF/DMARC record if it has been changed manually through the DNS edit interface.
|
|- the default values for the variables would be "relax", saying that anything violating the SPF or DMARC rules would not be a problem.
|- of course, the admin account could choose more strict rules that would be applied on every installed domain.
|
|DMARC Specification: http://dmarc.org/resources/specification/
|DMARC at Google: https://support.google.com/a/answer/2466563?hl=en
|SPF: http://www.openspf.org/SPF_Record_Syntax
|
|I'd like to get your opinion on this feature

Hello Benjamin,

This sounds good to me, if not indispensable, given the policies of the 
main mail service providers.

It might be a good idea to have a default SPF value with a "redirect" to a 
default zone in order to let migration be easier:
	example.com. 300 IN TXT "v=spf1 redirect=_spf.hostingcompany.com"
but I don't know if it's simple to implement.

The initiative to start this discussion in English on a list mainly 
francophone has to be noticed ;-) I think we should let it be said "now 
everybody writes in English" or it might cause a "Tower of Babel" effect.

Remi
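
A sketch of the proposal discussed in this thread, added here as an example and not part of either message or of AlternC's code: templates with `%%...%%` substitutions are rendered into SPF and DMARC TXT values, and a variable change only touches records that still hold the old default. The function names, the dictionary layout, the sample default values and the rule used to recognise a manually edited record are all assumptions.

```python
# Added illustration, not AlternC code; every name here is hypothetical.
DEFAULTS = {
    # Relaxed policies: "?all" is SPF neutral, "p=none" is DMARC monitor-only.
    "default_spf_value": "v=spf1 a mx ?all",
    # A rua address in another domain needs that domain's authorization record.
    "default_dmarc_value": "v=DMARC1; p=none; rua=mailto:%%ADMINMAIL%%",
}
# Subdomain label -> variable holding its template ("" is the zone apex).
MANAGED = {"": "default_spf_value", "_dmarc": "default_dmarc_value"}


def render(template, domain, adminmail, usermail):
    """Expand the %%NAME%% substitutions proposed in the thread."""
    values = {"DOMAIN": domain, "ADMINMAIL": adminmail, "USERMAIL": usermail}
    for name, value in values.items():
        template = template.replace("%%" + name + "%%", value)
    if "%%" in template:
        raise ValueError("unknown placeholder in: " + template)
    return template


def plan_records(existing, old_vars, new_vars, domain, adminmail, usermail):
    """Decide per TXT record what a hook_variable_set handler would do.

    existing maps a subdomain label to the TXT value currently in the zone.
    Assumption: a record equal to the *old* rendered default is auto-managed;
    any other value was edited by hand and is left alone.
    """
    plan = {}
    for label, var in MANAGED.items():
        want = render(new_vars[var], domain, adminmail, usermail)
        was = render(old_vars[var], domain, adminmail, usermail)
        have = existing.get(label)
        if have is None:
            plan[label] = ("create", want)
        elif have == want:
            plan[label] = ("keep", have)
        elif have == was:
            plan[label] = ("update", want)
        else:
            plan[label] = ("skip-manual", have)
    return plan


if __name__ == "__main__":
    # Constructed sample: the admin switches SPF to the redirect form from the reply.
    new = dict(DEFAULTS, default_spf_value="v=spf1 redirect=_spf.hostingcompany.com")
    zone = {"": "v=spf1 a mx ?all", "_dmarc": "v=DMARC1; p=quarantine"}
    print(plan_records(zone, DEFAULTS, new, "example.com", "admin@example.com", "user@example.com"))
```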

