[dmarc-discuss] How does *this* mailing list interact with dmarc?

Steven Chamberlain steven at pyro.eu.org
Fri Jun 22 14:15:33 PDT 2012


On 22/06/12 21:19, Jim Popovitch wrote:
> I have a suggestion for consideration.  p=quarantine
> o=mailinglists,forwards  (where o == receiver determined overrides)

My own variation on this would have looked like adkim=f, meaning:
please accept my forwarded mails if the RFC5321.MailFrom validates with
DKIM (i.e. it was re-signed by the listserver).  I think that's actually
the normal DKIM verifier behaviour when there's also a Sender header.

The idea being that it's not safe to whitelist mailing list mails unless
you can actually validate them somehow.  And from the DMARC reports we
can make sure that's working, or otherwise nag list owners to fix it, or
avoid the header/body alterations that broke the original DKIM signature.

I imagine this is still be open to forgery but is a stricter position
than p=none

BTW my original post that started this thread resulted in a DMARC report
looking like this:

>  1. SPF-authenticated Identifiers: blackops.org;
>  2. DKIM-authenticated Identifiers: dmarc.org;
>  3. DMARC Mechanism Check Result: Identifier non-aligned, DMARC mechanism check failures;

Steven Chamberlain
steven at pyro.eu.org

More information about the dmarc-discuss mailing list