#12342 New requirements for Google and Yahoo mail at least
Closed: Will Not/Can Not fix 23 days ago by nicosss. Opened a month ago by nicosss.

Mails sent from Yahoo accounts are rejected by bastion mail servers. Google and Yahoo have announced stricter requirements.
https://senders.yahooinc.com/best-practices/ and https://senders.yahooinc.com/faqs/ for explanations.

Describe what you would like us to do:

Today DNS records are for:
- SPF -> v=spf1 a a:mailers.fedoraproject.org ip4:38.145.60.11 ip4:38.145.60.12 ?all
- DMARC -> v=DMARC1; p=none; rua=mailto:dmarc-admin@fedoraproject.org; ruf=mailto:dmarc-admin@fedoraproject.org; fo=0

It should be for:
- SPF -> v=spf1 a a:mailers.fedoraproject.org ip4:38.145.60.11 ip4:38.145.60.12 ~all
- DMARC -> v=DMARC1; p=quarantine; rua=mailto:dmarc-admin@fedoraproject.org; ruf=mailto:dmarc-admin@fedoraproject.org; aspf=r; adkim=r; fo=0

Or better still, after an observation period:
- SPF -> v=spf1 a a:mailers.fedoraproject.org ip4:38.145.60.11 ip4:38.145.60.12 -all
- DMARC -> v=DMARC1; p=reject; rua=mailto:dmarc-admin@fedoraproject.org; ruf=mailto:dmarc-admin@fedoraproject.org; aspf=s; adkim=s; fo=0

For DKIM, I don't know which selector to check.

These are just suggestions, as I don't know the exact configuration of the mail server.

In addition, alias management can cause problems during relaying. ARC may need to be implemented at a later date.

When do you need this to be done by? (YYYY/MM/DD)

As soon as possible to avoid undelivered e-mails.

This problem has been reported to me, but I'm not able to test it because I don't have an @yahoo.tld or @fedoraproject.org e-mail address.


Hello. Thanks for filing this.

A few things to note:

  • This should only affect aliases, mailing lists already use mitigations.
  • We largely don't care about yahoo accounts. For... basically the last 20 years they randomly block our entire domain when one user reports as message as unwanted. We have given up there... I strongly advise to not use yahoo email for any fedora related purpose.

It would be good to see an actual case that fails before we adjust anything more.
It also might be that the email aliases are no longer too tenable and we have to retire them. ;(

Metadata Update from @phsmoura:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: low-gain, low-trouble, ops

a month ago

Hello,

Sorry for my late reply.

I completely understand the problem of Yahoo and the big e-mail providers.

As for aliases, if they're going to disappear, we might as well not complicate things.

Thanks for your reply!

Metadata Update from @nicosss:
- Issue close_status updated to: Will Not/Can Not fix
- Issue status updated to: Closed (was: Open)

23 days ago

Log in to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog