spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David B Funk <dbf...@engineering.uiowa.edu>
Subject Re: Somewhat OT: DMARC and this list
Date Fri, 19 May 2017 19:13:22 GMT
On Fri, 19 May 2017, Dianne Skoll wrote:

> Hi,
>
> Tons of list traffic keeps getting quarantined because of DMARC.  For
> example, a recent message from David Jones <djones@ena.com>:
>
> DMARC policy for domain ena.com suggests Rejection as
> DMARC_POLICY_REJECT, but quarantined due to rule settings
>
> $ host -t txt _dmarc.ena.com
> _dmarc.ena.com descriptive text "v=DMARC1\; p=reject\; sp=reject\; rua=mailto:dmarc@ena.net\;"
>
> (In this instance, we've overridden the DMARC policy and converted it
> to quarantine instead of reject, so I was able to retrieve the email, but...)
>
> I'm pretty sure Mailman can do DMARC-munging.  Can ezmlm do the equivalent
> of Mailman's "ALLOW_FROM_IS_LIST" feature?
>
> Regards,
>
> Dianne.

My read on this is that "@ena.com" is living dangerously. They publish SPF 
records and DMARC records (with p=reject) but do NOT DKIM sign their mail.

In general it's dangerous to expect SPF to work thru a maillist or other 
forwarder. Often DKIM will but you cannot count on it (particularly if the list 
engages in Subject munging).

If they're only going to use SPF then publishing a DMARC policy of "reject" is 
risky.
See: https://dmarc.org/2017/03/can-i-use-dmarc-if-i-have-only-deployed-spf/

Please let me know if I'm misinterpreting the signs.

Dave

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Mime
View raw message