Zitat von "James B. Byrne" <byrn...@harte-lyne.ca>:
On Sun, December 14, 2014 20:05, Richard Damon wrote:DMARC says that if a domain requests DMARC protection then any message that has a RFC5322 domain pointing to it, must be verifiable as coming from that domain, thus such an address can NOT use a 3rd party (like a mailing list manager) to deliver a message for it without adding it to SPF or giving it the DKIM signing keys. Since DMARC was intended to protect "high value" emails, like from something like a bank, this wouldn't normally be a problem. Effectively emails from a DMARC protected domain shouldn't be used for non-official communication, and any 3rd party service is presumably trusted so you can make the needed arrangements. The problem is that YAHOO and AOL have, via their DMARC settings, declared emails from their domain to be this type of high value, and in effect that their users are not to use 3rd party distribution methods (but haven't told their users this). Other mailing list systems have adopted some work arounds for this problem, a common one is to "munge" the From: line to be the list address (and setting Reply-To: to the poster), or wrapping the message in a wrapper that is from the list, and the message to be distributed is included as an attachment. (And some will just reject any message from a domain that uses DMARC protection) The problem isn't really with DMARC, it is doing what it was intended to do, the problem is the services misusing DMARC. It sounds like if pushed, they will even admit that they are abusing it, but feel they need to due to a lot of messages being forged as from them. Yes, it is arguably a violation of the RFC's to rewrite the From: address of a message going through a mailing list manager, but it is one of the ways to handle the misuse of DMARC that has happened. It comes down to a question of what are you willing to do to make things "work" and who are you willing to make bear the brunt of problems.DMARC was forced upon the IETF by the big mail hosting companies. The reason that the FROM header is checked instead of the SENDER is because the FROM is what virtually all MUA's display to the end user; and that is what the mail hosting companies want verified. Banks and other 'high value' email sources are red-herrings. They could care less. Nothing of any import is ever sent by email from a bank; Or by anyone else that has any sense (PGP/GPG/SMIME users excepted, maybe). DMARC is doing exactly what was expected of it by the people pushing-for / forcing its adoption. It is also breaking every mailing list manager exactly as was predicted. Mailman MLM has since had a mod made to rewrite the from and set a few other switches to handle SPF.
So DMARC is just another piece of junk invented to break e-mail or the rest of it...
I don't get it why people still resist in using working solutions for "high value" e-mail like S/MIME and PGP and instead try to use broken-by-design "solutions" like SPF/DMARC whatever.
No average user understand any of this DMARC/SPF whatever cruft so they one day simply will use Google or Hotmail because most thers will also do in the hope the big ones will do something right about it.
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
