Return-Path: <users-return-115160-archive-asf-public=cust-asf.ponee.io@spamassassin.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 19B81200C79
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri, 19 May 2017 21:13:28 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 1841A160BD1; Fri, 19 May 2017 19:13:28 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 5F0F9160BB0
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 19 May 2017 21:13:27 +0200 (CEST)
Received: (qmail 49112 invoked by uid 500); 19 May 2017 19:13:26 -0000
Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:users-help@spamassassin.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@spamassassin.apache.org>
List-Post: <mailto:users@spamassassin.apache.org>
List-Id: <users.spamassassin.apache.org>
Delivered-To: mailing list users@spamassassin.apache.org
Received: (qmail 49101 invoked by uid 99); 19 May 2017 19:13:26 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 May 2017 19:13:26 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 97982C00A9
	for <users@spamassassin.apache.org>; Fri, 19 May 2017 19:13:25 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -2.302
X-Spam-Level: 
X-Spam-Status: No, score=-2.302 tagged_above=-999 required=6.31
	tests=[RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001,
	SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
	autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id BAZNgFoGGLZH for <users@spamassassin.apache.org>;
	Fri, 19 May 2017 19:13:23 +0000 (UTC)
Received: from server07.engr.uiowa.edu (server07.engr.uiowa.edu [128.255.17.47])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 8DA835FD8E
	for <users@spamassassin.apache.org>; Fri, 19 May 2017 19:13:23 +0000 (UTC)
Received: from smtp.engineering.uiowa.edu (smtp.engineering.uiowa.edu [128.255.18.24])
	by s-l012.engr.uiowa.edu (8.14.9-icaen/8.12.9) with ESMTP id v4JJDMoK015113
	for <users@spamassassin.apache.org>;  (envelope-from <dbfunk@engineering.uiowa.edu>) Fri, 19 May 2017 14:13:22 -0500
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98.6 at s-l012
Received: from [2620:0:e50:7016:0:ff4e:b623:2d42] ([IPv6:2620:0:e50:7016:0:ff4e:b623:2d42])
	(authenticated user=dbfunk bits=0)
	by smtp.engineering.uiowa.edu (8.14.9-icaen/smtp-MSA-1.7) with ESMTP id v4JJDLaO030091
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT)
	for <users@spamassassin.apache.org>;  (envelope-from <dbfunk@engineering.uiowa.edu>) Fri, 19 May 2017 14:13:21 -0500
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98.6 at s-l101
Date: Fri, 19 May 2017 14:13:22 -0500 (CDT)
From: David B Funk <dbfunk@engineering.uiowa.edu>
Reply-To: users@spamassassin.apache.org
To: users@spamassassin.apache.org
Subject: Re: Somewhat OT: DMARC and this list
In-Reply-To: <20170519143010.77fedd31@hydrogen.roaringpenguin.com>
Message-ID: <alpine.LSU.2.03.1705191400030.29253@engineering.uiowa.edu>
References: <20170519143010.77fedd31@hydrogen.roaringpenguin.com>
User-Agent: Alpine 2.03 (LSU 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
archived-at: Fri, 19 May 2017 19:13:28 -0000

On Fri, 19 May 2017, Dianne Skoll wrote:

> Hi,
>
> Tons of list traffic keeps getting quarantined because of DMARC.  For
> example, a recent message from David Jones <djones@ena.com>:
>
> DMARC policy for domain ena.com suggests Rejection as
> DMARC_POLICY_REJECT, but quarantined due to rule settings
>
> $ host -t txt _dmarc.ena.com
> _dmarc.ena.com descriptive text "v=DMARC1\; p=reject\; sp=reject\; rua=mailto:dmarc@ena.net\;"
>
> (In this instance, we've overridden the DMARC policy and converted it
> to quarantine instead of reject, so I was able to retrieve the email, but...)
>
> I'm pretty sure Mailman can do DMARC-munging.  Can ezmlm do the equivalent
> of Mailman's "ALLOW_FROM_IS_LIST" feature?
>
> Regards,
>
> Dianne.

My read on this is that "@ena.com" is living dangerously. They publish SPF 
records and DMARC records (with p=reject) but do NOT DKIM sign their mail.

In general it's dangerous to expect SPF to work thru a maillist or other 
forwarder. Often DKIM will but you cannot count on it (particularly if the list 
engages in Subject munging).

If they're only going to use SPF then publishing a DMARC policy of "reject" is 
risky.
See: https://dmarc.org/2017/03/can-i-use-dmarc-if-i-have-only-deployed-spf/

Please let me know if I'm misinterpreting the signs.

Dave

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{