This is not the point On Sun, Feb 7, 2016 at 11:43 AM, Scott Kitterman via dmarc-discuss < dmarc-discuss@dmarc.org> wrote:
> To start with, you'll have to explain why receivers should trust a sender > to > not lie about where they got the mail from in an ARC header field if they > don't > already trust the sender. > > Scott K > > On Sunday, February 07, 2016 11:14:12 AM Franck Martin via dmarc-discuss > wrote: > > ARC will help, but there are many mailing lists that don't have DKIM or > > even SPF. So even if ARC is available tomorrow, it may take years before > > mailing lists adopt any solution. So someone will have to make a stand, > to > > get operators to deploy something. > > > > On Sun, Feb 7, 2016 at 10:10 AM, Al Iverson via dmarc-discuss < > > > > dmarc-discuss@dmarc.org> wrote: > > > The mailing list question can be a bit tricky. Yeah, the DKIM > > > signature is supposed to transport just fine, unless your MLM rewrites > > > any header or content that breaks the signature. And when you deal > > > with that, eventually you're going to run into list subscribers whose > > > posts get rejected by some other subscribers, due to the poster's > > > domain having a P=reject DMARC policy. > > > > > > I would say there's not a clear consensus on how best to handle > > > mailing lists in a DKIM+DMARC world. A bunch of email folks are > > > working on a standard called Authenticated Received Chain (ARC) that > > > would in theory help to address issues with mailing lists. (See > > > http://arc-spec.org/ ). But, we're a ways from being able to call that > > > a solution. > > > > > > I'm a mailing list operator myself, at probably about the same level > > > you are. (Instead of Mailman, I run a custom MLM that I wrote myself, > > > mostly as a programming exercise.) What I have chosen to do is strip > > > an existing DKIM signature, rewrite the from address if it appears to > > > be a domain that has a restrictive DMARC policy, and then sign it with > > > DKIM as the list domain. This works well for me, but not everybody > > > agrees that it's the best path. I'm not the only one to have done > > > something similar; Yahoo Groups, Google Groups Mail-list.com and > > > OnlineGroups.net all send as the group instead of as the poster either > > > all the time or as needed; and mailman can be configured similarly. > > > > > > Here's a link to an overview of the various issues in play for mailing > > > lists, and info on what I and others have chosen to do to address it. > > > http://www.spamresource.com/2015/02/dmarc-mailing-lists-roundup.html > > > > > > Here's where to go to learn more about what you can do with Mailman: > > > http://wiki.list.org/DEV/DMARC > > > > > > Note: There will probably be at least one really angry reply to this > > > post telling me how horrible this is and that I broke mailing lists. > > > It'll be a rehash of an argument from more than a year ago. Truth be > > > told, somebody else broke mailing lists; this is just how I personally > > > decided to implement a fix that seems to work well for me. YMMV. > > > > > > Regards, > > > Al Iverson > > > > > > -- > > > Al Iverson - Minneapolis - (312) 275-0130 > > > Simple DNS Tools since 2008: xnnd.com > > > www.spamresource.com & aliverson.com > > > _______________________________________________ > > > dmarc-discuss mailing list > > > dmarc-discuss@dmarc.org > > > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > > > > > NOTE: Participating in this list means you agree to the DMARC Note Well > > > terms (http://www.dmarc.org/note_well.html) > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) >
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)