Closed kelson42 closed 1 year ago
DMARC is configured but very permissive
We have to set it up properly for all our service providers, list to be confirmed first (see https://github.com/kiwix/k8s/issues/87). A quick look seems to indicate that Gaggle has no idea about how to do it.
Indeed it's very permissive. I previously configured it to receive the aggregated reports myself and those were satisfying. I just changed it to a stricter version (quarantine though), which will have two consequences:
@Popolechien please make sure every person sending email via an @kiwix.org
address has their setup OK.
They should be using Gandi's SMTP server (mail.gandi.net
-- the doc)
Another consequence is for people using a redirection to another email, without a mailbox. I count only 3 of them at the moment. They wont be able to send as their @kiwix.org address anymore (can send but likely marked as spam)
https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3akiwix.org&run=toolpage
Considering DMARC is at the core of the antispam fight, it seems important to me to complete its configuration