Am 07.06.2014 19:55, schrieb Franck Martin:
As DMARC provide a feedback mechanism to the sender, then it is up to
the sender to deal with these issues, you are just following their
policy, you don’t need to or have to to second guess them. You can use
some whitelists in openDMARC for some streams you really care about,
like mailing lists. There are usually not too many.
The default option of openDMARC is to not reject, as to avoid if you
forgot opendkim or spf, and start to reject all the incoming mail…
Once you are happy with the config, you ought to change that option.
The problem is that the sender is not the postmaster, so if e.g.
yahoo.com had changed its policy to p=reject, many sender had been
blocked without even knowing why. There are many postmaster who think
they understood DMARC and set a wrong policy. For human interaction
DMARC policy should be p=none. And p=reject should only be used for
automatic mailing systems e.g. shopping systems and banks.
So it's your decision if you would risk to loose some e-mail, but for me
it is a just another indicator for SpamAssassin to rate the mail.
If you let OpenDMARC block on policy failures, why don't you let
OpenDKIM block on DKIM failures and SPF-milter on SPF failures? Blocking
on only one criteria leads to many false positives. That's the power of
SpamAssasin, to combine many rating points and then decide if it*s spam
or not.
--
Christian Laußat
https://kvm.laussat.info/
