FWIW (and keep in mind I’m quoting someone else so I can’t control the politeness or lack thereof), here is what a developer on another list I subscribe to posted regarding DMARC “fixes” to mailman:
I'm not really inclined to "patch" something that RedHat clearly thinks is *not* broken. And they are right on that assessment. It's not broken. It *only* is a problem because Yahoo is illiterate and ignorant on RFC's and made up their own "standard" called DMARC. Which are so piss poor that the IETF outright rejected it and suggested a complete rewrite from scratch. With that in mind my sympathy for Yahoo email users has hit an all time low and it wasn't particularly high before that. They can't get legitimate and RFC conforming non-SPAM mail from standard mailing lists? Because of Yahoo being a dick? Sorry, but why do people still stick with Yahoo? And why should I spend days on fixing that? That doesn't "un-dick" Yahoo. It only makes matters worse. Just wait for their next "standard" to be rolled out. From: Robbie Wright Sent: Friday, March 06, 2015 1:10 AM To: af@afmug.com Subject: [AFMUG] More mail list critiques - dmarc I know it is a thankless job, so thanks Paul and crew for battling the mailing list and all the "feedback" that comes with it. I know some of the DKIM stuff was talked about before but the mailing list is still attempting to twist some of the header info in an incorrect manner. Specifically, many of the emails from the list will go right to spam. Google even tries to help. The reason why this is happening is this: Authentication-Results: mx.google.com; spf=pass (google.com: domain of 0000014bede4f828-7a6d5c1b-9fc6-4a97-a3d1-77708e78790d-000...@amazonses.com designates 54.240.9.55 as permitted sender) smtp.mail=0000014bede4f828-7a6d5c1b-9fc6-4a97-a3d1-77708e78790d-000...@amazonses.com; dkim=pass header.i=@amazonses.com; dmarc=fail (p=QUARANTINE dis=NONE) header.from=siuslawbroadband.com Note that SPF and DKIM both pass because SES is sending those for their own domain but the mail is faking our domain, which in this cases cases DMARC to fail and quarantine the email. As more people roll out DKIM and DMARC, the amount of spam that is generated from the list will go up quickly. This basically boils down to the list faking the from address from our domain and our DMARC record saying, "Not so fast." I know how I would fix this, but I wanted to see what the group (politely) thought about it. Robbie Wright Siuslaw Broadband 541-902-5101