From 74516c23eec1d721d7d5b1717b1569d85319db4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Thu, 7 Apr 2022 15:23:17 -0400
Subject: [PATCH] add IMAP server, seems like there's no way around

---
 policy/tpa-rfc-15-email-services.md | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/policy/tpa-rfc-15-email-services.md b/policy/tpa-rfc-15-email-services.md
index f9e2c339..a6016b33 100644
--- a/policy/tpa-rfc-15-email-services.md
+++ b/policy/tpa-rfc-15-email-services.md
@@ -4,11 +4,16 @@ title: TPA-RFC-15: email services
 
 [[_TOC_]]
 
-Summary: deploy incoming and outgoing SPF/DKIM/DMARC checks on
-torproject.org infrastructure (forcing the use of the submission
-server for outgoing mail), alongside end-to-end deliverability
-monitoring and a rebuild of legacy mail services to get rid of legacy
-infrastructure. possibility of hosting mailboxes as a stretch goal.
+Summary: deploy incoming and outgoing [SPF][], [DKIM][], [DMARC][],
+and (possibly) [ARC][] checks and records on torproject.org
+infrastructure. Deployment of an IMAP service, alongside the
+enforcement of the use of the submission server for outgoing
+mail. Establish end-to-end deliverability monitoring. Rebuild mail
+services to get rid of legacy infrastructure.
+
+[DMARC]: https://en.wikipedia.org/wiki/DMARC
+[DKIM]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
+[SPF]: http://www.open-spf.org/
 
 # Background
 
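Review bot: the new summary links `[ARC][]`, but the reference definitions added below it cover only `[DMARC]`, `[DKIM]` and `[SPF]`, so unless `[ARC]` is defined elsewhere in the file that link will not resolve; add an `[ARC]: ...` definition next to the other three. The second sentence of the summary ("Deployment of an IMAP service, alongside the enforcement of ...") has no verb, unlike the imperative sentences around it; "Deploy an IMAP service and enforce the use of the submission server for outgoing mail" would match them. The `[SPF]` reference is also the only one of the three using `http://`.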
@@ -195,11 +200,11 @@ will start to degrade some time or before Q3 2022.
     * decide key rotation policy (how frequently, should we [publish
       private keys][])
 
- d. enforcement of the submission service for outgoing mail, possibly
-    includes setting up a dummy IMAP server
+ d. IMAP server deployment and enrolment of all users in the IMAP
+    service
 
  e. deployment of SPF and DMARC DNS records, which will impact users
-    not on the submission server, which includes users with plain
+    not on the submission and IMAP servers, which includes users with plain
     forwards and without an LDAP account, possible solutions:
 
     1. aliases are removed or,
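Review bot: item d no longer lists enforcement of the submission service, although the summary in this same patch still promises "the enforcement of the use of the submission server for outgoing mail"; keep enforcement in d or give it its own item so it stays in the plan and in the estimate. In e, "users not on the submission and IMAP servers" does not say whether a user must be on both or on either one. Item d also enrols "all users" in IMAP while e still counts users "without an LDAP account", so state how those users are handled.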
@@ -305,14 +310,14 @@ process follows the [Kaplan-Moss estimation technique](https://jacobian.org/2021
 | a. e2e deliver. checks     | 3 days   | medium      | access to other providers uncertain           | 4.5          |
 | b. DMARC reports           | 1 week   | high        | needs research                                | 10           |
 | c. DKIM signing            | 3 days   | medium      | expiration policy and per-user keys uncertain | 4.5          |
-| d. mandatory submission    | 3 days   | medium      | may require training                          | 4.5          |
+| d. IMAP deployment         | 1 week   | medium      | may require training to onboard users         | 7.5          |
 | e. SPF/DMARC records       | 3 days   | high        | impact on forwards unclear, SRS               | 7            |
 | f. incoming mail filtering | 1 week   | high        | needs research                                | 10           |
 | g. new MX                  | 1 week   | high        | key part of eugeni, might be hard             | 10           |
 | h. new mail relay          | 3 days   | low         | similar to current submission server          | 3.3          |
 | i. Puppet refactoring      | 1 week   | high        |                                               | 10           |
 
-This amounts to a total estimate time of 63.5 days, or about 13 weeks
+This amounts to a total estimate time of 65.5 days, or about 13 weeks
 or three months, full time. At 50EUR/hr, that's about 25,000EUR of
 work.
 
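Review bot: the new total in the closing paragraph does not follow from the table change: row d goes from 4.5 to 7.5 days (+3), while the total goes from 63.5 to 65.5 (+2); if the old total was correct, the new one should be 66.5. The "about 13 weeks" and "25,000EUR" figures on the following context lines are unchanged, so recheck them against the corrected total.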
-- 
GitLab