On Fri, 20 Jun 2014, Tanguy Ortolo wrote:
> Marco d'Itri, 2014-06-19 16:10+0200:
> >The possible solutions are:
> >
> >a) keep rejecting mail from these domains
> >
> >b) rewrite the From headers of messages from these domains
> >
> >c) implement a permanent and elegant solution like
> >http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail#Relay_one_copy_through_author_domain_server
>
> d) set up lists so DKIM-signed messages are not modified in any way
>
> Mailing lists break SPF and solutions to that are heavy, but DMARC relies on
> /either/ SPF /or/ DKIM, and mailing-lists do not necessarily break DKIM:
> they only do when the message is altered, often to add a footer explaining
> how to unsubscribe. Now, there has been a standard mail header for that for
> some time, which should now be recognized by all serious mail user agents,
> so altering messages to add such a footer could be avoided now, at least for
> DKIM-signed messages.

This has nothing to do with DKIM. d) is not a solution for our problem.
If a user from a p=reject domain posts to our mailing list, every subscriber
from a domain checking DMARC will get a bounce.

Alex
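The receiver-side DMARC decision this thread is about, as an added example that is not part of either message: it models how a subscriber's mail server treats a list-relayed post when the list appends a footer and when it relays the body untouched. The domains `author.example` and `lists.example` and the sample bodies are constructed; only the DKIM body hash is checked (the header signature is omitted), and alignment is simplified to a same-domain-or-subdomain test instead of the organizational-domain lookup a real verifier performs.

```python
import base64
import hashlib

def body_hash(body: str) -> str:
    """DKIM bh= value: SHA-256 over the 'simple' canonicalized body (RFC 6376, 3.4.3)."""
    data = body.replace("\r\n", "\n").replace("\n", "\r\n").encode()
    data = data.rstrip(b"\r\n") + b"\r\n"  # drop trailing empty lines, keep one CRLF
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def aligned(auth_domain: str, from_domain: str) -> bool:
    # Simplification (assumption): real relaxed alignment compares organizational
    # domains derived from the Public Suffix List.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f)

def dmarc_disposition(from_domain, policy, spf_ok, spf_domain,
                      dkim_d, signed_bh, delivered_body):
    """DMARC passes if SPF or DKIM passes AND that identifier aligns with From."""
    dkim_ok = body_hash(delivered_body) == signed_bh
    spf_pass = spf_ok and aligned(spf_domain, from_domain)
    dkim_pass = dkim_ok and aligned(dkim_d, from_domain)
    if spf_pass or dkim_pass:
        return "pass"
    # On failure the author domain's published policy decides the handling.
    return policy if policy in ("reject", "quarantine") else "none"

# Constructed sample post and list footer.
ORIGINAL = "Hello list,\r\nplease review the attached patch.\r\n"
FOOTER = "-- \r\nTo UNSUBSCRIBE, email list-request@lists.example\r\n"

def list_delivery(add_footer: bool, policy: str = "reject") -> str:
    """A subscriber's server evaluates a post relayed by the list."""
    signed_bh = body_hash(ORIGINAL)  # fixed by author.example at signing time
    delivered = ORIGINAL + (FOOTER if add_footer else "")
    # SPF passes for the list's own envelope sender, which does not align
    # with the author's From domain.
    return dmarc_disposition("author.example", policy, True, "lists.example",
                             "author.example", signed_bh, delivered)

if __name__ == "__main__":
    print("footer appended:", list_delivery(add_footer=True))
    print("body untouched: ", list_delivery(add_footer=False))
```

The model covers the body only: a list that rewrites a signed header such as Subject invalidates the signature in the same way.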