Context
maildesk-cf commit 229b04f adds public runbooks for outbound identity and deliverability:
docs/architecture/outbound-identity.md
docs/operations/deliverability.md
docs/operations/production-rollout.md
Inbound Email Routing can now be reconciled through email.routing_rule, but mail-ready status still needs outbound sender identity proof. Forwarding to an operator mailbox is not enough to claim replies will come from the original domain.
Needed Change
Add cfctl read/verify support for sender-domain and reply-identity readiness used by maildesk-cf. The surface should be usable by the future cfctl maildesk-cf verify flow and should avoid broad live-send tests by default.
Drift Classes
- missing sender-domain authentication
- unverified DKIM/SPF/DMARC posture
- reply identity configured in policy but not verified for outbound send
- provider status unavailable or ambiguous
- sender adapter configured for a domain that is receive-only
Acceptance Criteria
- Verification can report sender readiness per domain and per reply identity.
- Output is machine-readable and safe to cite in template/private receipts.
- It distinguishes Cloudflare Email Service support from optional provider adapters such as Resend.
- It does not expose secret values.
- It does not send live mail unless explicitly requested.
References
Context
maildesk-cfcommit229b04fadds public runbooks for outbound identity and deliverability:docs/architecture/outbound-identity.mddocs/operations/deliverability.mddocs/operations/production-rollout.mdInbound Email Routing can now be reconciled through
email.routing_rule, but mail-ready status still needs outbound sender identity proof. Forwarding to an operator mailbox is not enough to claim replies will come from the original domain.Needed Change
Add cfctl read/verify support for sender-domain and reply-identity readiness used by
maildesk-cf. The surface should be usable by the futurecfctl maildesk-cf verifyflow and should avoid broad live-send tests by default.Drift Classes
Acceptance Criteria
References
rogu3bear/maildesk-cf@229b04f:docs/architecture/outbound-identity.mdrogu3bear/maildesk-cf@229b04f:docs/operations/deliverability.md