On March 5, 2017 3:08:49 PM EST, Vincent Danjean <vdanjean...@free.fr> wrote: >Le 05/03/2017 à 16:29, Joerg Jaspert a écrit : >> That would be the next step, DMARC, which is SPF plus DKIM plus some >> extra DNS records. And DMARC then allow to tell other mail servers >(that >> follow DMARC) to get rid (spamfilter) mail that aren't from what your >> DNS says it should be from (or aren't signed correctly/at all). But >its >> even more maintenance and burden for a group like Debian. > >Is it even possible? I was under the impression that DMARC plays very >bad with mailing lists. If I recall correctly, mailman has to modify >mails that come from a DMARC domain.
It plays badly with mailing lists that modify messages in ways that cause DKIM signatures to break (which is most, but not all of them). It's my understanding that for lists.d.o based lists, the listmasters plan is to configure lists so that DKIM signatures should survive. There's still a lot more Debian infrastructure that would have to be considered (Alioth based lists, BTS mails, etc.) before we might consider Debian to be DMARC ready. I don't know if it's worth the effort, but I don't think there are any insurmountable technical barriers to get past if the project decided to take this on. Scott K
