Having SPF and DKIM is a great first step. But I would recommend also adding a DMARC policy to letsencrypt.org. This will provide stronger enforcement of the SPF/DKIM settings as well as provide insight into any malicious users attempting to spoof letsencrypt.org emails by having a reporting URI.
Reporting mode is a good idea! So far I’ve had bad experience with enforce mode. I had many emails to a listserv go silently into people’s spam folders because @eff.org had DMARC enabled.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.