My mail to security@passbolt.com came back with the following message:
Your email to group security@passbolt.com was rejected due to spam classification. To address this issue: * Contact the owner of the group, who can choose to enable message moderation instead of bouncing these emails. * Set up SPF records for your sending domain if you have not done so already. Instructions for both steps can be found here: Messages from a bulk sender bounce - Google Workspace Admin Help.
For reference, SPF is set up properly on my end - maybe the mail is being redirected on your end? That might result in SPF validation failure. Either way, bouncing security issue reports isn’t a good idea. How about enabling moderation at least?
Hi @palant I just saw your message. security@passbolt.com is an alias that reach a bunch of people. Bouncing is not intentional. We’ve tested it by sending emails from other gmail accounts and it worked fine so we assume it was configured properly. We’ll investigate further the issue. Could you send me the issue directly: contact@passbolt.com
@palant we cannot reproduce the issue. We successfully manage to send emails to security@passbolt.com from different email service providers (protonmail, etc.). Which email service provider are you using?
Yes, Google put my test mail into spam as well for some reason. At the same time it confirms that DKIM and SPF are set up correctly, so this is not the issue here. I will look into this. I’m not using any provider, it’s my own mail server.
I sent the mail to you directly, you might need to change the Spam folder though. Still, how about enabling moderation for security@passbolt.com so that mails sent there aren’t lost if Google dislikes them?