DNS manipulation for SPF and DMARC

Augie Fackler raf at durin42.com
Thu Oct 12 15:03:01 UTC 2017


I've done some sniffing around, and it looks like we could at least start figuring out *why* we're getting on this Spamhaus list if we would enable DMARC in notify-only mode, and it would definitely help our IP reputation to have an SPF record. So I think we should configure the following DNS entries:


# We could probably also put "a mx" in here to allow the A and MX
# records for mercurial-scm.org to transact mail.
mercurial-scm.org.  IN TXT "v=spf1 ip4:192.81.134.36 ip6:2600:3c01::f03c:91ff:fedb:76b6/64 ~all"


# rua = "aggregate data reporting address"
# ruf = "forensic data reporting address"
# fo = "failure option" -> 1 means "report for any failure"
# By default this applies to 100% of mail.
_dmarc.mercurial-scm.org. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@mercurial-scm.org; ruf=mailto:dmarc@mercurial-scm.org; fo=1"



and configure dmarc@ to forward to someplace private, but reachable by the sysadmin group. Thoughts?
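An added example, not part of the original message: an offline Python check of the two proposed TXT values before they are published, showing which SPF qualifier a sending IP would receive and whether the DMARC report URIs are well formed. The function names are hypothetical, and the report addresses are written as dmarc@mercurial-scm.org.

```python
import ipaddress

# Records as proposed in the message (report addresses in their real @ form).
SPF = "v=spf1 ip4:192.81.134.36 ip6:2600:3c01::f03c:91ff:fedb:76b6/64 ~all"
DMARC = ("v=DMARC1; p=none; rua=mailto:dmarc@mercurial-scm.org; "
         "ruf=mailto:dmarc@mercurial-scm.org; fo=1")

def parse_spf(txt):
    """Split an SPF TXT value into (qualifier, mechanism, value) terms."""
    parts = txt.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"
        mech, _, value = term.lstrip("+-~?").partition(":")
        if mech in ("ip4", "ip6"):
            # strict=False accepts a host address carrying a prefix length
            net = ipaddress.ip_network(value, strict=False)
            if net.version != int(mech[2]):
                raise ValueError(f"{term}: wrong address family")
        terms.append((qual, mech, value))
    return terms

def spf_qualifier(terms, ip):
    """Qualifier of the first ip4/ip6/all term matching ip ('?' if none).
    Mechanisms that need DNS lookups (a, mx, include) are skipped."""
    addr = ipaddress.ip_address(ip)
    for qual, mech, value in terms:
        if mech == "all":
            return qual
        if mech in ("ip4", "ip6") and addr in ipaddress.ip_network(value, strict=False):
            return qual
    return "?"

def parse_dmarc(txt):
    """Turn 'tag=value; tag=value' into a dict."""
    pairs = (item.partition("=") for item in txt.split(";") if item.strip())
    return {k.strip(): v.strip() for k, _, v in pairs}

def check_dmarc(tags):
    """Return a list of problems; an empty list means the record is usable."""
    problems = []
    if tags.get("v") != "DMARC1":
        problems.append("v must be DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p must be none, quarantine or reject")
    for key in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(key, "").split(","))):
            if not uri.startswith("mailto:") or "@" not in uri or " " in uri:
                problems.append(f"{key}: not a mailto: URI: {uri!r}")
    return problems
```

With `~all`, any address outside the two listed ranges gets the softfail qualifier `~`, which together with `p=none` means receivers report on such mail rather than reject it.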


More information about the Mercurial-devel mailing list