proposal: SPF, DKIM, DMARC policy and history

Details

SRE Support Needed

We have too many applications that require SPF records to authenticate them as permitted to send on behalf of gitlab.com, and if I recall correctly, we can only have ten lookups before it fails.

https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/8084

We could potentially have two solutions:

  1. We should have first-level applications that are approved to use gitlab.com, and the rest should use a subdomain (similar to how we solved this for Tipalti): https://gitlab.com/gitlab-com/business-ops/team-member-enablement/issue-tracker/-/issues/977

  2. Set up more than one sending server, as proposed here: https://gitlab.com/gitlab-com/business-ops/Business-Operations/-/issues/93

Additional suggestions

  1. Provide a handbook policy on how to get SPF, DKIM and DMARC help/info/changes
  2. Have a way to view changes to the records over time (yml? link to MRs?)
  3. Approval process through enterprise applications to add SPF records in order to prioritize changes

cc @pkaldis @ccnelson @bryanwise

Edited by Jamie Carey
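
The lookup limit and the subdomain option from the proposal, as an added example that is not part of the original issue: RFC 7208 section 4.6.4 caps the `include`, `a`, `mx`, `ptr`, `exists` and `redirect` terms evaluated in one SPF check at 10, and exceeding the cap returns permerror. The script counts those terms recursively over an offline zone and shows the effect of moving one sender to a subdomain. Every domain, record and function name in it is a constructed placeholder, not gitlab.com's real DNS data.

```python
# Added example: static worst-case count of DNS-querying SPF terms.
# All domains and records below are constructed placeholders.
LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4; exceeding it yields permerror

ZONE = {
    "example.com": "v=spf1 mx include:mail-vendor.example include:crm-vendor.example "
                   "include:support-vendor.example include:billing-vendor.example "
                   "include:pay-vendor.example ~all",
    "mail-vendor.example": "v=spf1 include:_a.mail-vendor.example "
                           "include:_b.mail-vendor.example ~all",
    "_a.mail-vendor.example": "v=spf1 ip4:192.0.2.0/25 ~all",
    "_b.mail-vendor.example": "v=spf1 ip4:192.0.2.128/25 ~all",
    "crm-vendor.example": "v=spf1 include:_spf.crm-vendor.example ~all",
    "_spf.crm-vendor.example": "v=spf1 ip4:198.51.100.0/25 ~all",
    "support-vendor.example": "v=spf1 exists:%{i}._chk.support-vendor.example ~all",
    "billing-vendor.example": "v=spf1 a:out.billing-vendor.example mx ~all",
    "pay-vendor.example": "v=spf1 ip4:203.0.113.0/24 ~all",
}

def count_lookups(domain, zone, path=()):
    """Worst-case DNS-querying terms evaluated when checking `domain`."""
    if domain in path:                      # include loop: do not recurse forever
        return 0
    total = 0
    for term in zone.get(domain, "").split()[1:]:        # skip "v=spf1"
        term = term.lstrip("+-~?").lower().replace("=", ":", 1)
        name, _, target = term.partition(":")
        name = name.split("/")[0]                         # "a/24" -> "a"
        if name in ("a", "mx", "ptr", "exists"):
            total += 1
        elif name in ("include", "redirect"):
            total += 1 + count_lookups(target, zone, path + (domain,))
    return total

def move_to_subdomain(zone, apex, vendor, sub):
    """Return a new zone where `vendor` is authorized on `sub.apex` only."""
    new = dict(zone)
    new[apex] = " ".join(t for t in zone[apex].split() if t != f"include:{vendor}")
    new[f"{sub}.{apex}"] = f"v=spf1 include:{vendor} ~all"
    return new

if __name__ == "__main__":
    after = move_to_subdomain(ZONE, "example.com", "billing-vendor.example", "billing")
    for label, zone in (("before", ZONE), ("after", after)):
        for dom in ("example.com", "billing.example.com"):
            if dom in zone:
                n = count_lookups(dom, zone)
                print(label, dom, n, "OVER LIMIT" if n > LOOKUP_LIMIT else "ok")
```

The count is a static worst case: a real evaluator stops at the first matching mechanism, so a record can pass for some senders and still hit permerror for others.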