On Mon 29/Aug/2022 12:09:10 +0200 Matus UHLAR - fantomas wrote:
On 25.08.22 18:10, Alessandro Vesely wrote:
The lack of interest by others proves that From: munging is not so much of a
nuisance as they say...
This will come sooner or later, however:
earlier this year I've done small dmarc research for our client:
- microsoft software (on-premise exchange and 365) does not DKIM-sign DSN
e-mail (delivery and non-delivery notifications) although those have sending
domain in From: (I guess domain is added after sig generated)
So do I, relying on SPF for DNSs.
- only a few % of domains has other DMARC policy than none
- mailman 2 (used here) only munges From: when domain DMARC policy for the
sending domain is other than none.
Which is insecure. While I keep p=none, anyone can post a spoof using my email
address as From: and pretend to be me. It never happens, but some people
believe it /cannot/ happen.
I see the list operates both From: munging and ARC sealing. While I'm
clear about the former, I'm curious about how ARC works:
Do any subscribers trust the seal by isc.org?
I guess most of recipients use predefined configurations, e.g. no whitelisting.
out of curiousity, I set my opendmarc.conf:
DomainWhitelist lists.isc.org
so we'll see next time mail comes.
Please tell us.
Mailman should know about your setting in order to skip From: munging in the
copies sent to you. Currently, the copies sent to pipermail for archiving seem
to be non-munged, so this functionality exists.
Best
Ale
--
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
