* Brandon Long:

>> I recommend using separate domains, or subdomains, for regular
>> business and for mailing lists [...]
>
> Why?

Because something is definitely wrong if an email from ra...@mycorp.com
(an address only used for business) fails SPF or DKIM checks, and I'd
like to know about that.

Mail from ra...@ml.mycorp.com however, an address only used for mailing
lists but not for business, can fail these checks due to sub-optimal ML
software setups or other reasons, and it does not worry me much.

> For one, I'm not sure what you're recommending, either:
> 1) Host mailing lists on a separate domain
> 2) Send mail to mailing lists on a separate domain

Both, actually. I host mailing lists as well, and continuing the example
above, they use the domain lists.mycorp.com.

> We played with that a bit when we were first rolling out DMARC
> predecessor, adding a googlers.com domain. Ultimately, we decided
> that leaving a domain open that can be spoofed defeats the purpose of
> DMARC.

I cannot speak for others, but a sender address like al...@google.com or
b...@microsoft.com does not normally signal "the author is more competent
or important than others" to me. This particular mailing list may be an
exception, but generally speaking, I don't usually care who somebody
works for, as long as his/her ML contributions are solid. That's why, in
the ML context, I don't see spoofing as much of a threat and am content
with using a (sub)domain with a "p=none" DMARC policy.

> everything is a continuum and everyone needs to understand and make
> the right choices for them.

DMARC and its underlying mechanisms indeed have shortcomings, and my
recommendation helps to circumvent these. There are mailing lists like
postfix-users which wisely don't break DKIM sigs, and there are others
that consider subject prefixes and body footers more important. For me,
using separate (sub)domains is a working solution, and a cheap one at
that. Right now I use a private domain, because I am speaking only for
myself, but if I need to subscribe to a ML where I represent my company,
a subdomain will do for me.

YMMV, of course, and any person who runs mail servers indeed needs to
understand what they are doing.

-Ralph

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
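
The per-(sub)domain policy split discussed in the message above, as an added example that is not part of the original post: a small RFC 7489-style policy lookup run over constructed TXT records. The record contents, the rua address and hr.mycorp.com are assumptions, and the organizational domain is approximated as the last two labels instead of using the Public Suffix List.

```python
# Constructed DNS TXT data for the thread's example names (not real records).
TXT = {
    "_dmarc.mycorp.com": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@mycorp.com",
    "_dmarc.ml.mycorp.com": "v=DMARC1; p=none",
}

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict; None if it is not a usable DMARC1 record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real code must consult the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def lookup(domain, txt=TXT):
    record = txt.get("_dmarc." + domain)
    return parse_dmarc(record) if record else None

def effective_policy(from_domain, txt=TXT):
    """Return (policy, domain whose record supplied it) for a From: header domain."""
    domain = from_domain.lower().rstrip(".")
    tags = lookup(domain, txt)
    if tags:                                  # the domain's own record wins
        return tags["p"].lower(), domain
    org = org_domain(domain)
    if org != domain:
        tags = lookup(org, txt)
        if tags:                              # inherited: sp= if present, else p=
            return tags.get("sp", tags["p"]).lower(), org
    return "none", None                       # no DMARC record published

def disposition(from_domain, spf_aligned, dkim_aligned, txt=TXT):
    """'pass' if either aligned check passed, else the policy the domain requests."""
    if spf_aligned or dkim_aligned:
        return "pass"
    return effective_policy(from_domain, txt)[0]

if __name__ == "__main__":
    for name in ("mycorp.com", "ml.mycorp.com", "hr.mycorp.com"):
        print(name, effective_policy(name), disposition(name, False, False))
```

A subdomain without its own _dmarc record (hr.mycorp.com here) inherits the parent's sp= policy, so the relaxed p=none has to be published explicitly on the mailing-list subdomain.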
