Deploy SPF, DKIM, and DMARC records for all of torproject.org
Once the SPF and DKIM records are in use everywhere, deploy SPF records for all of
torproject.org pointing to known mail hosts. Also enforce a domain-wide DMARC policy, at least to get reporting when we have failures.
SPF soft policy everywhere
DKIM records everywhere (#40989 (closed))
DMARC soft record ( is it like SPF that we need a record per mx?no, DMARC is inherited)
SPF hard policy everywhere, after some grace period?
DMARC hard policy?