Stumbled across this which I thought quite timely given my last post. It is a really good resource, but mostly it made me sad.
I already have:
- SPF
- DKIM
- DMARC
- Let’s Encrypt
And yet still ran into trouble with the Spamhaus SBL-CSS thing. And this is a server that I hardly send any email from: An occasional reply to NetBSD Users, etc. None of that was too fiddly to setup, but this post takes things way beyond that:
- Not using
-all
on SPF records. I didn’t know that was a bad thing and it’s 100% non-obvious from the SPF site (that doesn’t use https!). In all fairness this is 100% bollocks (it might be true, but it’s still bollocks): “the larger operators have metrics to show that using-all
tends to be a sign of over-enthusiasm rather than reality, so it will slightly count against you”. So don’t use SPF at all then? This is already in the realms of browser User Agents. - Rotating DKIM keys. I did not know that was a thing.
- DMARC and not using
quarantine
. Firstly it’s 100% dumb that SPF, DKIM and DMARC all have to exist. And it’s then 200% dumb that you can’t then use those things the way they are meant to be used.
And then I stopped reading because it made me too sad. Sending email shouldn’t be this difficult.
Quite a few years back now, I remember my daughters saying something like “Who still uses email? Email is dead!” and I “corrected” them because, well, businesses still sent a stack of email even if just internally; Even nowadays working somewhere that primarily uses Slack, we still send a stack of email. But actually I think they were right. And products like this just prove it. If email isn’t dead yet, I wish it would just hurry up and fuck off and die.