On Fri, 19 May 2017, Dianne Skoll wrote:
Hi,
Tons of list traffic keeps getting quarantined because of DMARC. For
example, a recent message from David Jones <djo...@ena.com>:
DMARC policy for domain ena.com suggests Rejection as
DMARC_POLICY_REJECT, but quarantined due to rule settings
$ host -t txt _dmarc.ena.com
_dmarc.ena.com descriptive text "v=DMARC1\; p=reject\; sp=reject\;
rua=mailto:dm...@ena.net\;";
(In this instance, we've overridden the DMARC policy and converted it
to quarantine instead of reject, so I was able to retrieve the email, but...)
I'm pretty sure Mailman can do DMARC-munging. Can ezmlm do the equivalent
of Mailman's "ALLOW_FROM_IS_LIST" feature?
Regards,
Dianne.
My read on this is that "@ena.com" is living dangerously. They publish SPF
records and DMARC records (with p=reject) but do NOT DKIM sign their mail.
In general it's dangerous to expect SPF to work thru a maillist or other
forwarder. Often DKIM will but you cannot count on it (particularly if the list
engages in Subject munging).
If they're only going to use SPF then publishing a DMARC policy of "reject" is
risky.
See: https://dmarc.org/2017/03/can-i-use-dmarc-if-i-have-only-deployed-spf/
Please let me know if I'm misinterpreting the signs.
Dave
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
