On 15/03/2015 15:52, Chris Angelico wrote:
On Mon, Mar 16, 2015 at 1:10 AM, Alan Hicks <ahi...@p-o.co.uk> wrote:
If issues are not surfacing it is more likely that both SPF and DKIM are not
strong spam indicators rather than there are no issues.
SPF is rarely implemented decisively ~all instead of -all so is not very
strong.
All of my domains end with -all, so that's not the distinction. With
SPF checking, the list software is what gets checked; my server might
send mail out with an envelope-from address of
"committee-boun...@gilbertandsullivan.org.au", which is a domain that
I control, and for which the SPF record specifies that my server is
allowed to send mail. So list mail is accepted. Can you do and
guarantee the same for DMARC?
ChrisA
To deploy DMARC you need to deploy both SPF and DKIM.
As I'm not part of either the standard or any of its implementations,
guarantees are out of my scope. I'm only implementing DMARC on behalf
of my organisation and as part of that offered django-dmarc in the hope
it might help others with their implementation.
If you set your DMARC policy to none then there will be no rejections
due to dmarc. If you are interested in how your email is evaluated then
as part of the policy you can receive daily reports.
DMARC merely helps in co-ordinating DKIM and SPF. A DMARC policy allows
a sender to indicate that their emails are protected by SPF and DKIM,
and tells a receiver what to do if neither of those authentication
methods passes.
The benefit of implementing DMARC here at Persistent Objects is to
receive reports on how mail from p-o.co.uk is evaluated. This is being
used to guide policy as well as trace and fix edge cases so that our
email can be relied upon.
There's a good overview of how the parts fit together at
http://dmarc.org/overview/
Some organisations have found it useful
http://dmarc.org/2015/02/dmarc-is-a-proven-tool-in-the-fight-against-fraudulent-email/
Alan
--
https://mail.python.org/mailman/listinfo/python-list
