On Tue, Jan 31, 2017 at 5:24 PM, Peter Gonzalez via dmarc-discuss <dmarc-discuss@dmarc.org> wrote: > On 2017 Jan 31, 05:59, Jim Popovitch wrote: >> On Sat, Jan 28, 2017 at 1:49 AM, Dave Warren wrote: >> > On Fri, Jan 27, 2017, at 04:23, Jim Popovitch wrote: >> > >> >> But what can you do about it? What is the "value" of having that >> >> information, and what is the "cost" of capturing it? >> > >> > To me, the value of these reports is pre-deployment, by carefully >> > reviewing the reports you can identify any legitimate sources of mail >> > which are not properly signed and aligned. >> >> I rolled out additional DMARC support for Mailman (outbound alignment) >> recently, and to be honest I'm not yet convinced that all receivers >> have a clue when verifying alignment... so it makes it much more >> difficult, for me, to trust the data. So... imho it's a waste of >> time/effort building an archive of suspect data until faith can be >> established in what is reported. > > So what exactly did you do to "roll out additional DMARC support" in > your Mailman setup?
Mailman has historically done some funky things with moderator/owner notifications. Depending on your Mailman config, mailman *might* send list notifications in ways you might not expect. I set out last year to identify what I saw as bugs in the way Mailman sent notifications differently than list traffic. Those changes are tracked here: https://code.launchpad.net/~jimpop/mailman/virtual-notices > I don't see why you suspect receivers of your mailing list traffic are > doing it wrong when checking it for DMARC. Mailing list traffic is prone > to fail DMARC checks in subtle ways. It is disingenuous, imho, for a receiver to submit a DMARC report to a sender if the subtle failures are receiver side or if those reports don't contain enough information for the receiver to understand the reason(s) for the subtle failure ("give me the RUF or STFU"). :-) >> Here's a few examples for the same email: >> >> Hotmail gets it right: >> http://domainmail.org/dmarc-reports/hotmail.com%21netcoolusers.org%211485698400%211485784800.xml >> >> ItaliaOnline gets it right: >> http://domainmail.org/dmarc-reports/italiaonline.it%21netcoolusers.org%211485778386%211485778386.xml >> >> VirginMedia gets it wrong: >> http://domainmail.org/dmarc-reports/virginmedia.co.uk%21netcoolusers.org%211485734404%211485820804.xml >> >> CSP-Net gets it wrong: >> http://domainmail.org/dmarc-reports/bechu-vir0001.csp-net.ch%21netcoolusers.org%211485730804%211485817204.xml > > I see in those samples you provide that DKIM is failing for some > messages. Could it be that some subscriber(s) to your mailing list has > set up some kind of subject-tagging and ulterior forwarding when he > receives your mailing list messages? Great question, but you should ask Virgin Media or CSP-Net. I'd bet a few beers that the DKIM failures are due to those companies injecting inbound msg headers before processing DMARC checks....but without the RUF who really knows....and more importantly why should I invest time/effort into tracking that "failure". >> So it's 50/50 for the same small sample of list traffic. Do I care, >> sure! If someone from Virgin Media or CSP-Net wants to explain the >> failures (or send me the RUFs that I already ask for) then I am all >> ears. Until then, I remain a skeptic. ;-) > > Skeptic about what: about those receivers ability to properly check > DMARC, or about the usefulness to you of DMARC reporting? Skeptic about the usefulness of the reporting. As I said before, If 1 receiver shows alignment then my work is complete. > It seems to me that DMARC reporting is all about statistics, and for > statistics to be relevant you have to drown down the noise, and for that > you need to have a big enough sample. The samples you provided are very > small in the quantity of messages reported, so it could well be that > you are seeing noise just now, and that you need a much bigger sample > to reap the value of DMARC reporting. I disagree. The larger sample size is still statistically suspect due to all the blind spots in the receiver generated data. Just knowing you have a 0.02% DKIM failure is meaningless without knowing why. > For example, see bullet point 3 here to read > about the true value of DMARC reporting: > https://blogs.msdn.microsoft.com/tzink/2016/09/27/how-we-moved-microsoft-com-to-a-pquarantine-dmarc-record/ > That hurt my eyes to read. :-) Did you not notice these 2 conflicting sentences in the first paragraph: "In case you hadn’t noticed, Microsoft recently published a DMARC record" "This means that any sender transmitting email either into Microsoft’s corp mail servers..." Hint: Microsoft's DMARC record is NOT used by senders transmitting email to Microsoft. -Jim P. _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
