Hello we are using lab.libreho.st gitlab at ekimia and it is quite frequent that the emails from gitlab goes to spam , the SPF and dkim sounds well configured so I’m not sure , here is the message detail
https://pastebin.com/raw/iQjLXzbt
Do you think it is just classic google behaviour ?
@anyone ? did you encounter the same problem?
We can see that some RRs are missing.
They are suggested to be
@ IN TXT "v=spf1 mx ~all"
and
_dmarc.libreho.st. IN TXT "v=DMARC1; p=none; pct=100"
Do we know who has access to the DNS? @chrisc @pierreozoux @how
Hey @yala… Thanks for the heads up.
This is a very bad idea. ~all will keep spammers in. Instead it should list the IPv4 addresses that are actually sending email (i.e., Discourse, Gitlab, Keycloak…). Similarly the DMARC entry looks very loose.
I think @Kate was doing the email server. Maybe @realitygaps has the DNS.
I can update the DNS and a couple of other people can also, including @realitygaps and I can grant other people access if needs be, the records are managed via a git repo with a Bind 9 zonefile in it, I’ve added this for now:
IN TXT "v=spf1 mx ip4:159.69.222.195 -all"
Let me know if it needs changing.
Thank you @chrisc !
I am not sure if it is necessary to allow the web host to send emails, too, since MX will add DKIM signatures to the message, which might get verified by some party.
We’re now down to
Would any of you also think that setting a none DMARC policy here makes sense, just to fulfill having one?
Thanks for moving this subject forward !
I also think it is better to have one SMTP service and have all host/services using the SMTP , and to disallow sending email from the application itself directly
it is better to identify spam if an application is misbehaving I think.