Hello we are using lab.libreho.st gitlab at ekimia and it is quite frequent that the emails from gitlab goes to spam , the SPF and dkim sounds well configured so I’m not sure , here is the message detail
This is a very bad idea. ~all will keep spammers in. Instead it should list the IPv4 addresses that are actually sending email (i.e., Discourse, Gitlab, Keycloak…). Similarly the DMARC entry looks very loose.
I think @Kate was doing the email server. Maybe @realitygaps has the DNS.
I can update the DNS and a couple of other people can also, including @realitygaps and I can grant other people access if needs be, the records are managed via a git repo with a Bind 9 zonefile in it, I’ve added this for now:
I am not sure if it is necessary to allow the web host to send emails, too, since MX will add DKIM signatures to the message, which might get verified by some party.
We’re now down to
Would any of you also think that setting a none DMARC policy here makes sense, just to fulfill having one?
I also think it is better to have one SMTP service and have all host/services using the SMTP , and to disallow sending email from the application itself directly
it is better to identify spam if an application is misbehaving I think.