On Wed, February 11, 2015 06:28, John wrote: > So far all the DMARC reports I have received appear to be the result > of somebody posting to a mailing list.
Normally one only receives a DMARC report when there is a violation of the SPF or the DKIM signature is invalid for a message signed by your domain. > Is it normal for mailing lists cause DMARC reports? It is common that MLM rewrite parts of the message or headers, thus invalidating any DKIM signature applied to the original message; or resend messages as originating from the original sender, thereby violating the SPF of the original domain. > Is there some way of filtering out these reports, which in my opinion > are false? They are not false reports. They are exactly what one would expect given the behaviour of most MLM software. The mailing list re-transmission of message purporting as coming directly from the original sender is indistinguishable from a UCEM/SPAM operator pretending to by you and sending junk mail from some place deep in the heart of Kiev, or Moscow, or Lima. No doubt the behaviour of MLM software will change over time. Indeed it already has occurred in some cases. But, it may take more conservative Linux distributions some time to include the most recent software. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:[email protected] Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
