[Users] Make this ML DMARC compliant
Slavko
linux at slavino.sk
Thu Oct 28 11:13:33 CEST 2021
Hi,
this ML is not DMARC compliant, as it modifies the message body and
subject (and others), which breaks DKIM signature and (of course) it
breaks SPF + DMARC.
The DMARC itself is not new technology (2012) and by my MTA stats it is
more and more widely used (>75% accepted emails), while sometime badly
configured. Thus one can expect more and more domains here with
stricter DMARC policy (other than none).
Today i received first (which i noticed) message, from this ML, with
quarantine DMARC policy, which was marked as (and delivered into) SPAM
(yes, my MX forces DMARC policy as published by domain). While it seems,
that in this case the domain's DMARC is not properly applied (message
was not DKIM signed at all).
While i am not ML admin (i mean any ML), by my understanding of the
possible solutions, there are these possibilities:
+ do not modify any part of message, to allow success DKIM
+ modify the the From: header too and add own DKIM signature
+ do not accepts (unsubscribe) emails from domains with
quarantine/reject DMARC policy
+ implement ARC, but it is too new yet, thus i afraid about its success
AFAIK, the mailman 3 has some options to make it DMARC compliant, but
this ML is using the 2.x version yet.
The actual failed message was from "H.Merijn Brand", linux at tux.freedom.nl
which was not DKIM signed by its MTA even, thus the first option from
above will fail anyway with it.
regards
--
Slavko
https://www.slavino.sk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: Digitálny podpis OpenPGP
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20211028/766e6e1a/attachment.sig>
More information about the Users
mailing list