Status update, day three:
We now have "soft" SPF and DMARC records on all mail servers and DKIM signatures on the three major mail servers.
This will probably impact users currently sending mail from Gmail and Riseup, as their reputation will suffer from not being in the allow lists. If this is a problem, an `include:riseup.net include:google.com` mechanism could be added to the top-level SPF policy.
Next step is to finish the DKIM deployment (#40989) and then make the DMARC and SPF records "hard", which will happen once we are more confident this will cause more good than harm.
Work on the mail exchanger may also start soon, alongside other mitigations for problems we may encounter from here on.
Do let us know here if you encounter problems or improvements. As usual, you can follow our work in GitLab at:
https://gitlab.torproject.org/tpo/tpa/team/-/issues/40981
Comment there or file new issues at:
https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
If all else fails, contact us at:
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/support
Onwards!