[dmarc-discuss] Google & IPv6 SPF check

Roland Turner roland.turner at trustsphere.com
Mon Jun 11 21:29:46 PDT 2012


Hi Jesper,

Just to ensure that I'm answering the right question: you're wondering 
why your posts to dmarc-discuss are ending up in Gmail Spam folders 
after forwarding by the list?

The issue, as with mailing lists generally, is that the the list breaks 
both:

  * SPF (because you don't list mail.blackops.org in your SPF record,
    obviously...)
  * and DKIM (both because it alters Subject: and because it adds a
    footer but your DKIM signature doesn't include an l= parameter; not
    that it would be wise to add one)

As you're specifying p=quarantine for your header domain, Gmail is 
apparently taking you at your word.

As Elizabeth has already pointed out, p=(quarantine|reject) are only 
appropriate for domains sending "official" email; mailing lists in 
general are too hard a problem for DMARC (or anything like it) to fix. 
The odds that most - or even an appreciable fraction of - list operators 
will switch to DMARC-compatible behaviour (in particular to desist 
adding footers or modifying Subject: headers) in the foreseeable future 
are vanishingly small.

That said, dmarc-discuss might be an ideal place to experiment with 
making a mailing list run in a DMARC-compatible fashion. Would others in 
the list be interested in seeing this happen? Is the presence of the 
"note well" inescapable?

- Roland





On 08/06/2012 22:31, Jesper Knudsen wrote:
> Hi Al,
>
> That is a interesting observation (well, actually scary...). I have verified
> my SPF/DKIM and DMARC externally through checkmyauth at auth.returnpath.net
> without any issues (all pass) and my daily DMARC reports from Google also
> looks "clean". I must be scoring on some other parameters than the ones I am
> publishing.
>
> Wonder whether its related to the content of this specific thread or general
> bad standing of my sending IP - It doesn't seem to be listed (or have even
> been listed in all the DNSBL's I am aware of - I monitor hourly).
>
> Clues?
>
> /Jesper
>
>
> -----Original Message-----
> From: Al Iverson [mailto:aiverson at spamresource.com]
> Sent: 8. juni 2012 16:16
> To: Jesper Knudsen
> Cc: dmarc-discuss at dmarc.org
> Subject: Re: [dmarc-discuss] Google&  IPv6 SPF check
>
> Jesper, are you pushing a record for your domain that isn't compatible
> with this mailing list? Right now, yours is the only mail from this
> list going to the spam folder at Gmail.
>
> Regards,
> Al Iverson
>
> On Fri, Jun 8, 2012 at 8:35 AM, Jesper Knudsen<jkn at scanmailx.com>  wrote:
>> Personally I prefer to spell it out for the receiver so they do not need
> to
>> make any additional DNS lookups to determine whether SPF is OK or not. I
>> your case I would add the ip4: and ip6: statements with your two
> respective
>> IP addresses - Maybe even drop the MX as also resolves to the same IPs.
>>
>> Hence:
>> v=spf1 ip4:178.32.42.55 ip6:2001:41d0:2:30db::207 -all
>>
>> Rgds,
>> Jesper
>>
>> -----Original Message-----
>> From: dmarc-discuss-bounces at blackops.org
>> [mailto:dmarc-discuss-bounces at blackops.org] On Behalf Of Stef Simoens
>> Sent: 8. juni 2012 01:13
>> To: dmarc-discuss at dmarc.org
>> Subject: [dmarc-discuss] Google&  IPv6 SPF check
>>
>> Hello,
>>
>> I'm not sure if this is the good platform to raise this kind of issues,
> but
>> I'm sure there are some Google Mail people on this list.
>>
>> The google.com reports of June 5th and June 6th show my IPv6 IP as sender,
>> but also reveal that the SPF check failed. E-mails sent with the IPv4
>> address look OK (SPF check OK).
>>
>> To my knowledge, my SPF and DNS set-up (domain bgs.org; v=spf1 mx
>> a:claudette.bgs.org -all; claudette.bgs.org A 178.32.42.55 / AAAA
>> 2001:41d0:2:30db::207) should work for both IPv4 and IPv6.
>>
>> Anyone else having the same issue with IPv6?
>>
>> Kind regards,
>>
>> --
>> Stef Simoens
>> BGS.org hostmaster
>> _______________________________________________
>> dmarc-discuss mailing list
>> dmarc-discuss at dmarc.org
>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>> NOTE: Participating in this list means you agree to the DMARC Note Well
>> terms (http://www.dmarc.org/note_well.html)
>>
>>
>> _______________________________________________
>> dmarc-discuss mailing list
>> dmarc-discuss at dmarc.org
>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>> NOTE: Participating in this list means you agree to the DMARC Note Well
> terms (http://www.dmarc.org/note_well.html)
>
>
>

-- 
   Roland Turner | Director, Labs
   TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
   Mobile: +65 96700022 | Skype: roland.turner
   roland.turner at trustsphere.com | http://www.trustsphere.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://medusa.blackops.org/pipermail/dmarc-discuss/attachments/20120612/1b939d19/attachment.htm>


More information about the dmarc-discuss mailing list