Author: dng@d404.nl
To: dng
Subject: Re: [DNG] Self-hosted SMTP (was: TB and Enigmail)
On 29-10-2020 04:34, Rick Moen wrote:
> Quoting Bernard Rosset via Dng (dng@???):
>> It seems we're drifting away from the main subject.
>> Count me in!
> Roger that! Subject header tweaked.
>> ?
>> If your emails are being refused by others, including major email
>> hosters, I would kindly suggest you check you got at least correct
>> SPF + DKIM entries. You can throw DMARC into the mix if you wish so,
>> too.
> Umm...
> As I already mentioned upthread, my domains' e-mail continue to have
> very high deliverability. Those domains feature strongly asserted SPF
> RRs in their auth DNS.
> However, by carefully considered local policy, I decline to also
> implement DKIM/DMARC, considering those extensions to have been botched
> in design and implementation by Yahoo, Inc. (DKIM seems to be the
> keystone problem, there, particularly its hapless hostility to
> MLM-mediated forwarding.) Empirically, I so far perceive no measurable
> loss of host reputation from declining to implement DKIM/DMARC.
> I _do_ publish, in each of my domains' DNS, deliberately non-compliant
> DMARC RRs, just to make my stance quite clear, e.g.:
> :r! dig -t txt _dmarc.linuxmafia.com @ns1.linuxmafia.com +short
> "DMARC: tragically misdesigned since 2012. Check our SPF RR, instead."
>> It's saddening to assess how little is known by the general public
>> (including people who actually work on technical matters in IT) about
>> key technologies, like DNS (the mother/father of all) or email.
> True datum: When I began hosting my own SMTP smarthosts, I was still a
> staff accountant (UK: chartered accountant) for a living, not a
> sysadmin. Fortunately, nobody told me I couldn't do it, so it worked.

I do administer 3 different mailservers, of which 1 does have the full
package of SPF, DKIM and DMARC. In my experience DMARC does not add
much of value but SPF does. DKIM is much liked by ISPs with strict spam
policies. But those are still reachable without it after some waiting time
as long as you are not on a spam blocklist. A reverse DNS record does
help too.

To ease the maintenance of those servers I intend to migrate them to
Docker containers. I wonder whether people on this list have experience with this
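
How a receiver following the RFC 7489 policy discovery rules treats the deliberately non-compliant `_dmarc` TXT record quoted in the message above, as an added example that is not part of the original post. The function names are hypothetical and the `example.org` records are constructed; `rua` URI syntax, the `sp` tag and the organizational-domain fallback are not checked here.

```python
import re

# RFC 7489: a policy record must begin with the version tag "v=DMARC1".
_VERSION = re.compile(r"^v\s*=\s*DMARC1\s*(;|$)")
_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the tag dict of a usable DMARC record, or None if it is discarded."""
    if not _VERSION.match(txt):
        return None  # discarded: does not start with the DMARC version tag
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags.setdefault(name.strip().lower(), value.strip())
    policy = tags.get("p", "").lower()
    if policy not in _POLICIES:
        # Missing or invalid "p": act as p=none if a rua tag is present,
        # otherwise apply no DMARC processing (RFC 7489 section 6.6.3).
        # Simplification (assumption): the rua URI itself is not validated.
        if "rua" not in tags:
            return None
        policy = "none"
    tags["p"] = policy
    return tags


def effective_policy(txt_records):
    """Policy a receiver applies for the TXT RRset found at _dmarc.<domain>."""
    valid = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # Zero or several surviving records: DMARC processing is not applied.
    if len(valid) != 1:
        return None
    return valid[0]["p"]


# The TXT string quoted in the message above.
QUOTED = "DMARC: tragically misdesigned since 2012. Check our SPF RR, instead."
# Constructed sample records for comparison.
STRICT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"
REPORT_ONLY = "v=DMARC1; rua=mailto:dmarc@example.org"

if __name__ == "__main__":
    for rrset in ([QUOTED], [STRICT], [REPORT_ONLY], [STRICT, REPORT_ONLY]):
        print(effective_policy(rrset), rrset)
```

A result of `None` means the receiver applies no DMARC policy for the domain, so only its other checks, such as SPF, bear on the message.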