From 05d1c26ee7b531861540a58457ebadcc5fdf7e57 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Tue, 5 Dec 2023 14:40:21 +0000 Subject: [PATCH] Add an SPF record for the listserv Recently, Gmail has started to rate-limit deliveries from our mailing list server, with this message: SMTP error from remote mail server after end of data: This mail has been rate limited because it is unauthenticated. Gmail requires all senders to authenticate with either SPF or DKIM. According to https://support.google.com/mail/answer/81126 also: Starting February 2024, Gmail will require the following for senders who send 5,000 or more messages a day to Gmail accounts: Authenticate outgoing email, avoid sending unwanted or unsolicited email, and make it easy for recipients to unsubscribe. In order not to place undue additional load on our MTA's deferral queue, adding a neutral SPF rule is nicer than unsubscribing and blocking all Gmail users. A simple "a" rule should suffice, since we don't relay through any smarthost currently. Set the TTL to 5 minutes for now, in case we need to make rapid adjustments to this policy in the near future. Change-Id: I388de615035156bc277ff1e1b11ac2bc0346cb27 --- zones/zuul-ci.org/zone.db | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/zones/zuul-ci.org/zone.db b/zones/zuul-ci.org/zone.db index c2c7475..03ab919 100644 --- a/zones/zuul-ci.org/zone.db +++ b/zones/zuul-ci.org/zone.db @@ -2,7 +2,7 @@ $ORIGIN zuul-ci.org. $TTL 1h @ IN SOA adns02.opendev.org. hostmaster.openstack.org. ( - 1700006781 ; serial number unixtime + 1701787210 ; serial number unixtime 1h ; refresh (secondary checks for updates) 10m ; retry (secondary retries failed axfr) 10d ; expire (secondary ends serving old data) @@ -19,6 +19,7 @@ ns2 IN AAAA 2604:e100:1:0:f816:3eff:fe53:ee69 ; We use address records for lists01.opendev.org here instead of a CNAME lists IN A 162.209.78.70 lists IN AAAA 2001:4800:7813:516:be76:4eff:fe04:5423 +lists 300 IN TXT "v=spf1 a ?all" _acme-challenge.lists IN CNAME acme.opendev.org. www IN CNAME static.opendev.org. git IN CNAME static.opendev.org.