Re: [dmarc-discuss] Hotmail violating DMARC specification

2018-09-25 Thread Roland Turner via dmarc-discuss 
Calendaring corner cases are numerous. If the calendaring system is to 
co-operate with DMARC (but note that it's not a foregone conclusion that 
the operator will want to do so) the options in this case would appear 
to be:


 * Take ownership of the forwarded message by setting From: to the
   address of the person forwarding (as Outlook does with all other
   forwarding). Whether this will play nice with recipients'
   calendaring software is not clear.
 * Forward unmodified, so the original DKIM signature will still validate.

There probably aren't particularly tidy answers to this.

- Roland





On 26/09/18 00:48, Ivan Kovachev via dmarc-discuss wrote:

Hello guys,

would anyone be able to comment on the issue listed here:

https://office365.uservoice.com/forums/264636-general/suggestions/34012756-forwarding-of-calendar-appointments-from-a-dmarc-p 



I have also run some tests using a DMARC protected domain in reject 
mode and hotmail whether *manually forwarding*,*auto-forwarding* or 
*redirecting* the email treats the email in the same way and that is: 
retains the original From domain but the final recipient does the SPF 
and DKIM checks on the forwarder ie. hotmail so DMARC fails and emails 
are rejected.




___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)



___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Help - updataed

2018-09-25 Thread Roland Turner via dmarc-discuss 
What is a DMARC syntax error? (Which tool gave this? What operation was 
it performing at the time?)


Yes,

   example.com TXT "v=spf1 -all"
   _dmarc.example.com "v=DMARC1; p=reject;"

is a reasonable way to announce that a domain can never be used for 
sending email.


- Roland


On 26/09/18 10:04, T Nguyen via dmarc-discuss wrote:


Hi dmarc-discussing group,

Updated a few things that came to me after sending the previous message.

 1. Can non-smtp ( no mx record ) domain example.com be protected by
dmarc?  I inherited the below dmarc record for this example.com
with  spf record as “ v=spf1 -all “.  The result was a dmarc
syntax error.  It could be that the syntax error caused by the
receiving domain not have the text record to authorize the reports
receptions?

v=DMARC1; p=reject; pct=100; 
rua=mailto:dmarc-repo...@not-example.com,mailto:repo...@example-not.com


 2. If dmarc cannot be implemented then what is the best way to
protect this non-smtp domain example.com from being spoofed by
mal-intention senders that can fool naïve users?  Although with
spf record “ v=spf1 -all “alone should work for dmarc record to
set policy reject all email using this non-email domain
example.com. Just realized that dkim cannot be generated without a
mail server to maintain the private key.

Thank you in advance,

Best,

tn



___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)



___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Hotmail violating DMARC specification (fwd)

2018-09-25 Thread John R Levine via dmarc-discuss 

In article <530ab12f-8f41-478f-8e2c-8b276ae9d...@gmail.com>,
Ivan Kovachev via dmarc-discuss  wrote:

I have also run some tests using a DMARC protected domain in reject mode and 
hotmail whether manually forwarding, auto-forwarding or
redirecting the email treats the email in the same way and that is: retains the 
original From domain but the final recipient does the
SPF and DKIM checks on the forwarder ie. hotmail so DMARC fails and emails are 
rejected.


That is DMARC operating as specified.  If you say p=reject and don't
DKIM sign your mail, you're saying that only the IP addresses in your
SPF record can forward it.  The forward issue is not unique to
Hotmail; you'd see the same result from anyone who bounced, relayed,
or otherwise forwarded it.

If that's not what you want, perhaps you should adjust your DMARC policy to say 
what you do want.

R's,
John
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] Hotmail violating DMARC specification

2018-09-25 Thread Ivan Kovachev via dmarc-discuss 
Hello guys,

would anyone be able to comment on the issue listed here:

https://office365.uservoice.com/forums/264636-general/suggestions/34012756-forwarding-of-calendar-appointments-from-a-dmarc-p
 

 

I have also run some tests using a DMARC protected domain in reject mode and 
hotmail whether manually forwarding, auto-forwarding or redirecting the email 
treats the email in the same way and that is: retains the original From domain 
but the final recipient does the SPF and DKIM checks on the forwarder ie. 
hotmail so DMARC fails and emails are rejected.

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)