Wow, just checked my spam for my Grapl email and it's wild. I wonder if all of these companies offering their services realize that their emails are being automatically sent to spam.
Conversation
Replying to
For the GrapheneOS mail server, we enforce strict SPF (reject on hard or soft fail), DKIM (reject on errors such as DKIM signed but missing record) and DMARC along with only accepting mail via TLS. Eliminates nearly all spam. Fine with missing mail from broken servers.
Occasionally some marketing spam making it through and if it appears to be in an official capacity, I add their domain to a list of entirely rejected ones.
Also, enforcing some basic rules on header / HELO validity, etc.
Haven't needed PTR checks, graylisting, spam filtering.
2
1
Nearly all of it was killed by rejecting mail not sent via TLS and before doing that I checked and verified that there was not a single non-spam email sent without TLS for the initial couple years of having the domain.
Enforcing DKIM does reject some non-spam mail. Rest doesnt.
1
1
Show replies
Replying to
Yeah the thing is it's not really "spam" in the sense of someone scamming me. It's more like recruiters and vendors and that sort of thing. So it's unsolicited and unwanted but not strictly malicious.
1
Replying to
I consider that spam. So, for example, my GitHub profile has the toggle set to say that I'm not looking for a job. Any company that sends me job offers based on my GitHub profile is spamming me. It's at least less illegitimate if it's about something else like a study...
1
1
Show replies