openstreetmap / operations

OSMF Operations Working Group issue tracking
https://operations.osmfoundation.org/
99 stars 12 forks source link

OSMF Email Forwarder SPF issue #1043

Open Firefishy opened 8 months ago

Firefishy commented 8 months ago

osmfoundation.org hosts 40 email forwarder addresses. eg: board@, freebies@ etc.

osmfoundation.org uses mailbox.org for hosting. Mailbox.org does not support SRS and they have indicated that they do not intend to support it in the near future.

The result is email forwarded via a osmfoundation.org forwarder address is liable to be rejected by destination email addresses if the original envelope sender address uses SPF restrictions.

5 of the forwarders simply forward email to OpenStreetMap's OTRS instance. These could be replaced with IMAP mailboxes and set OTRS to collect the email.

A workaround should be found for the other forwarders. Options could include:

pnorman commented 8 months ago

mailbox.org has indicated they won't do SRS because they have issues with both the implementations out there, and with the design. I do not have the email knowledge to evaluate if SPS is a good thing for the internet or not, but their arguments are plausible.

My general preference is for people who are part of working groups and may be replying to foundation emails to have an OSMF mailbox. On the other hand, this is coming from the viewpoint of someone who regularly gets at least one email a day from people instead of automatic processes and spam.

Because this would make it much more difficult for people to casually join a working group if they have to set up a mail client to join the internal distribution list., I don't think we can do it. We can't add more barriers.

With moving to osm.org emails, is that because mailman supports rewriting the email and adding reply-to and mailbox.org doesn't?

There are some emails that I think have to remain on osmfoundation.org like board@ and I think those people should have osmf email addresses anyways for doing official board business. I believe we also have some usernames that are common between osmf and osm domains but go to different people.

We've also published some of the addresses and given them to so many people that we'd have to maintain the forwarders for some time. If we switched today we'd still be getting some real emails at operations@ and legal@ for years. Those emails are published out there in many documents and in people's address books. I'm still dealing with people who have my old email in their address book and it's been 7 years since I switched domains.

Firefishy commented 8 months ago

I have been able to reduce the amount of spam email that osmfoundation.org forwards (and received in mailboxes) by properly enabling mailbox.org's spam protections.

Firefishy commented 7 months ago

The mailbox.org spam protection feature is helping a bit.

For privacy@ I have enabled inboxforward (small mailbox for all mail received, in addition to existing forwarding). I am then able to tune the spam filter to strict mode and manually train/flag any false negatives.