On Fri, May 27, 2016 at 9:03 AM, Chris Adams <li...@cmadams.net> wrote:
> Once upon a time, Andrew Lutomirski <l...@mit.edu> said:
>> Unfortunately, gmail and others are blazing ahead with breaking
>> everything before ARC will be ready.
>
> To be fair, Google is just enforcing what others ask them to enforce.
> Yahoo is the one that is setting a DMARC record that says to reject
> messages with bad signatures.

If we're going to be fair to Google, we need to look at a bit bigger
of a picture.  Google is well aware of these problems:

https://sites.google.com/site/oauthgoog/mlistsdkim

They proposed X-Original-Authentication-Results as a partial workaround.

Alas, they never followed through.  Google Groups, for example, sets
X-Original-Authentication-Results on forwarded messages, but Gmail is
unable to parse the header.  This doesn't even work within an
organization.  I have some aliases to my work email that are managed
through Google Apps for Domains, and valid strict DMARC emails to the
aliases get classified as spam because Gmail (for domains) doesn't
trust the X-Original-Authentication-Results header from Groups (for
domains on the same domain)!

And Google has surely known of this problem for a long time, and
they're a founding member of DMARC.  So, no, I don't think they really
get much credit here.  They allowed a bad spec to be published and
*implemented* it without bothering to make it functional, even in
their own (paid!) products.

--Andy
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
