FWIW (and keep in mind I’m quoting someone else so I can’t control the
politeness or lack thereof), here is what a developer on another list I
subscribe to posted regarding DMARC “fixes” to mailman:
I'm not really inclined to "patch" something that RedHat clearly thinks
is *not* broken. And they are right on that assessment. It's not broken.
It *only* is a problem because Yahoo is illiterate and ignorant on RFC's
and made up their own "standard" called DMARC. Which are so piss poor
that the IETF outright rejected it and suggested a complete rewrite from
scratch.
With that in mind my sympathy for Yahoo email users has hit an all time
low and it wasn't particularly high before that. They can't get
legitimate and RFC conforming non-SPAM mail from standard mailing lists?
Because of Yahoo being a dick? Sorry, but why do people still stick with
Yahoo? And why should I spend days on fixing that? That doesn't
"un-dick" Yahoo. It only makes matters worse. Just wait for their next
"standard" to be rolled out.
From: Robbie Wright
Sent: Friday, March 06, 2015 1:10 AM
To: af@afmug.com
Subject: [AFMUG] More mail list critiques - dmarc
I know it is a thankless job, so thanks Paul and crew for battling the mailing
list and all the "feedback" that comes with it. I know some of the DKIM stuff
was talked about before but the mailing list is still attempting to twist some
of the header info in an incorrect manner.
Specifically, many of the emails from the list will go right to spam. Google
even tries to help.
The reason why this is happening is this:
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of
0000014bede4f828-7a6d5c1b-9fc6-4a97-a3d1-77708e78790d-000...@amazonses.com
designates 54.240.9.55 as permitted sender)
smtp.mail=0000014bede4f828-7a6d5c1b-9fc6-4a97-a3d1-77708e78790d-000...@amazonses.com;
dkim=pass header.i=@amazonses.com;
dmarc=fail (p=QUARANTINE dis=NONE) header.from=siuslawbroadband.com
Note that SPF and DKIM both pass because SES is sending those for their own
domain but the mail is faking our domain, which in this cases cases DMARC to
fail and quarantine the email. As more people roll out DKIM and DMARC, the
amount of spam that is generated from the list will go up quickly. This
basically boils down to the list faking the from address from our domain and
our DMARC record saying, "Not so fast."
I know how I would fix this, but I wanted to see what the group (politely)
thought about it.
Robbie Wright
Siuslaw Broadband
541-902-5101
