On 2017 Jan 31, 21:14, Jim Popovitch wrote:
> On Tue, Jan 31, 2017 at 5:24 PM, Peter Gonzalez wrote:
>
> > So what exactly did you do to "roll out additional DMARC support" in
> > your Mailman setup?
>
> Mailman has historically done some funky things with moderator/owner
> notifications. Depending on your Mailman config, mailman *might*
> send list notifications in ways you might not expect. I set out last
> year to identify what I saw as bugs in the way Mailman sent
> notifications differently than list traffic. Those changes are
> tracked here:
> https://code.launchpad.net/~jimpop/mailman/virtual-notices
Does that mean that the DMARC checks from which you are getting failure
reports are being done against "mailing list notifications" and not
against "regular mailing list traffic"? And, if so, that those "mailing
list notifications" are the result of your non-standard setup and not
of vanilla mailman?
> > I don't see why you suspect receivers of your mailing list traffic are
> > doing it wrong when checking it for DMARC. Mailing list traffic is prone
> > to fail DMARC checks in subtle ways.
>
> It is disingenuous, imho, for a receiver to submit a DMARC report to a
> sender if the subtle failures are receiver side or if those reports
> don't contain enough information for the receiver to understand the
> reason(s) for the subtle failure ("give me the RUF or STFU"). :-)
Yes, but it has not yet been established whether those DMARC check
failures are the result of those receiver's wrong doing.
> I'd bet a few beers that the DKIM failures are due to those companies
> injecting inbound msg headers before processing DMARC checks....but
> without the RUF who really knows....and more importantly why should
> I invest time/effort into tracking that "failure".
It totally depends on you whether you should invest time and effort to
track those "failures". Is deliverability of your mailing list traffic
important to you?
> > Skeptic about what: about those receivers ability to properly check
> > DMARC, or about the usefulness to you of DMARC reporting?
>
> Skeptic about the usefulness of the reporting. As I said before, If 1
> receiver shows alignment then my work is complete.
Yes, your work is complete as a MTA operator. No, your work is not
complete as a curator of your mailing list traffic.
> > It seems to me that DMARC reporting is all about statistics, and for
> > statistics to be relevant you have to drown down the noise, and for that
> > you need to have a big enough sample. The samples you provided are very
> > small in the quantity of messages reported, so it could well be that
> > you are seeing noise just now, and that you need a much bigger sample
> > to reap the value of DMARC reporting.
>
> I disagree. The larger sample size is still statistically suspect
> due to all the blind spots in the receiver generated data. Just
> knowing you have a 0.02% DKIM failure is meaningless without knowing
> why.
Well, knowing that some high volume mailing list has a 0.02% DKIM failures
when checking DMARC alignment is quite meaningful compared to having a 50%
DKIM failures in DMARC checks. I would say a 0.02% DKIM failures would be
"statistical noise" for a high volume mailing list, IMHO.
> > For example, see bullet point 3 here to read
> > about the true value of DMARC reporting:
> > https://blogs.msdn.microsoft.com/tzink/2016/09/27/how-we-moved-microsoft-com-to-a-pquarantine-dmarc-record/
> >
>
> That hurt my eyes to read. :-) Did you not notice these 2
> conflicting sentences in the first paragraph:
>
> "In case you hadn???t noticed, Microsoft recently published a DMARC record"
>
> "This means that any sender transmitting email either into
> Microsoft???s corp mail servers..."
>
>
> Hint: Microsoft's DMARC record is NOT used by senders transmitting
> email to Microsoft.
It is implicit on that blog post that Microsoft is checking DMARC
inbound from the Internet -- therefore, if they now start publishing
DMARC p=quarantine then anyone spoofing their domains will have his
spoofed emails landing in the Spam Folder, also when the recipients are
inside Microsoft itself.
Terry Zink is part of the Exchange Online Team for Office 365. I
don't think I have enough fingers to count how many tens of millions
of mailboxes are under his keep (everyone of those being a paying
customer). He knows his stuff.
Bye.
--
Peter Gonzalez
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
