I don't follow your logic John. Why would the DMARC policy of one domain
affect the health of the mailing list for subscribers from other
domains?
One user, who we'll call Mason, is a subscriber to the list. Another
user, who we'll call Franck, subscribes from an address with p=reject.
Franck sends a few messages to the list. The list adds a subject tag or
message footer which breaks the DMARC signature, and it remails the
message with the list's bounce address, so DMARC fails. Mason's mail
system checks DMARC on the incoming list mail, finds that Franck's DMARC
says to reject it, so it rejects it. After a couple of rejections, the
list's automatic bounce handling removes Mason from the list. Oops.
This isn't hypothetical -- back when ADSP was new, a couple of
overenthusiastic implementations of ADSP bounced people off the IETF's
mailing lists exactly this way.
The obvious defense is for list software to check Franck's DMARC on
incoming mail and not to accept his mail if it says p=quarantine or
p=reject. I've already adjusted my lists to do that. It turned out to be
a one-line config fix in majordomo2.
R's,
John
PS: If anyone is going to suggest that list software needs to be rewritten
not to break DKIM signatures, please don't. We've had that argument many
times already, list software isn't broken, and it ain't going to happen.
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
