[dmarc-discuss] DMARC isn't for mailing lists

John Levine johnl at taugh.com
Wed Jun 20 10:28:45 PDT 2012

>Right. Appending a footer and changing the subject is "last century behavior"
>to me. Listmanagers (like MTAs too) should avoid *any* modification and
>concentrate to their job: maildistribution.

Sigh.  This is the "everyone in the world has to change their working
mail systmem to deal with the limitations of our authentication
scheme" fallacy.  We had a long argument about it relative to mail
forwarding on the SPF list, and an argument just like this one on the
DKIM list about the fact that mailing lists modify the messages.

Can we save time and not have it again, please?  Mailing lists do what
they do, they work fine, the message modifications are useful, and
they're not going away.  We know how to handle them, recognize the
relatively small number of list hosts and whitelist them.  Please read
the DKIM archives if you want to relive the endless argument.

More importantly, DMARC is NOT, repeat NOT, intended to authenticate
every piece of mail sent from every possible mail system.  It's not
for mailing lists.  It's not for domains with live users who sometimes
send mail using their Gmail or Yahoo accounts.  It is quite useful for
heavily phished domains who send all their mail from their own servers.


More information about the dmarc-discuss mailing list