[dmarc-discuss] Google & IPv6 SPF check

Franck Martin fmartin at linkedin.com
Tue Jun 12 06:23:26 PDT 2012


I had a look at mailman, and opened a branch, but did not have much time to work on it.

First, you set up an Author optional mode that will strip the incoming email of any DKIM or DK header, then you set up the From to be of the form:
"Franck Martin via dmarc-discuss" <dmarc-discuss at dmarc.org> (if you have the full name)
"fmartin via dmarc-discuss" <dmarc-discuss at dmarc.org> (if you don't have the full name, use the local part only)

And that's it for mailman.

It is up to the MTA then to DKIM sign the email before shipping it out.

I don't want to force anyone, but I want the option to be present in mailman and other MLM. We will see if usage prevails over time.

On the other hand, when you do a receiving DMARC implementation, you need to cater for MLM. In our implementation (https://github.com/linkedin/dmarc-msys) we use an IP whitelist, associated with the detection of List-id (this should be enough when you deal with few MLM). Gmail uses the DKIM signed OAR to detect the mailing lists. (see DMARC FAQ). http://tools.ietf.org/html/draft-kucherawy-original-authres-00

From: "MH Michael Hammer (5304)" <MHammer at ag.com>
Date: Tuesday, June 12, 2012 5:30
To: Tim Draegen <tdraegen at agari.com>, "dmarc-discuss at dmarc.org" <dmarc-discuss at dmarc.org>
Subject: Re: [dmarc-discuss] Google & IPv6 SPF check

I agree that this is a potentially useful exercise but the first step is to work out the approaches (so that anyone can take the logic and implement on any list software/implementation) and not simply jump to patching software. The two basic approaches are:

1) Attempt to leave the DKIM signature intact as the list handles mail. Ensuring an SPF pass would be a non-starter as far as I can tell.

2) The list takes ownership and handles all aspects of DKIM and SPF compliance on its own behalf as well as performing bounce handling.

Any other options I missed?

From: dmarc-discuss-bounces at blackops.org [mailto:dmarc-discuss-bounces at blackops.org] On Behalf Of Tim Draegen
Sent: Tuesday, June 12, 2012 8:18 AM
To: dmarc-discuss at dmarc.org
Subject: Re: [dmarc-discuss] Google & IPv6 SPF check

On Jun 12, 2012, at 12:29 AM, Roland Turner wrote:
That said, dmarc-discuss might be an ideal place to experiment with making a mailing list run in a DMARC-compatible fashion. Would others in the list be interested in seeing this happen? Is the presence of the "note well" inescapable?

Definitely!

But I agree with John Levine in one sense -- I have no desire to argue about whether or not it'll work.  I'd much rather patch mailing list software and demonstrate how it *could* work.  So, Roland, put me down as interested.

=- Tim
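
The From rewriting described at the top of this message, sketched with Python's standard email package as an added example; it is not Mailman's code or the code from the branch mentioned above. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Author signature headers to strip: DKIM and DomainKeys ("DK").
SIGNATURE_HEADERS = ("DKIM-Signature", "DomainKey-Signature")

# Constructed sample message; signature values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1;
\tbh=PLACEHOLDER; b=PLACEHOLDER
DomainKey-Signature: a=rsa-sha1; d=example.com; s=s1; b=PLACEHOLDER
From: Franck Martin <fmartin@example.com>
To: dmarc-discuss@dmarc.org
Subject: test

body
"""


def rewrite_for_list(msg, list_name, list_addr):
    """Strip author signatures and make the list the From: author."""
    for header in SIGNATURE_HEADERS:
        del msg[header]  # drops every occurrence, silent if absent

    display, addr = parseaddr(msg.get("From", ""))
    # Full name when present, otherwise the local part only.
    # Collapsing whitespace keeps stray CR/LF out of the new header.
    who = " ".join(display.split()) or addr.split("@")[0] or "unknown"
    del msg["From"]
    # formataddr quotes the display name only when it contains specials.
    msg["From"] = formataddr((f"{who} via {list_name}", list_addr))
    return msg


def rewrite_raw(raw, list_name="dmarc-discuss", list_addr="dmarc-discuss@dmarc.org"):
    """Parse a raw message string and apply the rewrite."""
    return rewrite_for_list(message_from_string(raw), list_name, list_addr)


if __name__ == "__main__":
    print(rewrite_raw(SAMPLE).as_string())
```

Signing the rewritten message is left to the outgoing MTA, as the message says.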
