Emails to whitelist for notifications


#1

Hi there,
I just setup a client’s certs and they are wondering what senders and domains they would need to white list in their email filters to receive any important notifications. Digging through the docs and various threads the only address I’ve seen mentioned is expiry@letsencrypt.org and I was wondering if there were others.


#2

I’m not sure that such a list exists; Nor, if it did, that it would not change in the future.

To better prepare for any such changes one could do one of the following:

  1. (for those that can) Create a controlled dedicated email address and apply it as a whitelisted recipient.
    [This would increase the chance of reaching your inbox - but also increase the chance for SPAM to reach you via this address]
    [but… if you only provide that email address to LE, then only emails from LE should arrive - in a perfect world]

  2. Whitelist all possible senders (the entire domain = *@letsencrypt.org)
    [but this requires a functional SPF system (that may sometimes drop more than customers allow) to ensure you are not allowing emails from spoofed senders]

I don’t think either (nor both) could ensure email receipt; as nothing can ever be deemed to work 100%.
That said, perhaps providing multiple email addresses (at different location & systems) could better increase your chances for receipt (than any whitelist method can provide).

And outside of this, any cert monitoring system would also alert you when a cert is approaching expiration.