Re: {OT] Mailing lists etc for postmasters
On Fri 01/03/2024 at 11:16, Andy Smith wrote: > Hi, > > On Fri, Mar 01, 2024 at 11:00:13AM +, Gareth Evans wrote: >> "Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC >> quarantine enforcement policy, and impersonating Gmail From: headers might >> impact your email delivery." > > Talks about gmail's own use of DMARC, not the sender's. That makes perfect sense :) >> Can a "DMARC quarantine enforcement policy" operate, if the sender >> doesn't use DMARC? This idea seems to relate more to SPF than >> anything? > > gmail's own policy is quarantine so if you send from somewhere that > isn't gmail, while pretending to be from a gmail property, gmail > indicates that it wishes¹ for your email to be quarantined by the > recipient. So does that. > Thanks,. > Andy > > ¹ Even receiving sites that process DMARC sometimes don't carry out > the DMARC author's wishes. As a common example that most of us > will have seen, Mailman mailing lists will often just selectively > rewrite the headers. Yes. Thanks very much. G > > -- > https://bitfolk.com/ -- No-nonsense VPS hosting
Re: {OT] Mailing lists etc for postmasters
Hi, On Fri, Mar 01, 2024 at 11:00:13AM +, Gareth Evans wrote: > https://support.google.com/a/answer/81126?hl=en#requirements-5k&zippy=%2Crequirements-for-sending-or-more-messages-per-day%2Crequirements-for-all-senders > > mentions DMARC in requirements for all senders: > > "Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC > quarantine enforcement policy, and impersonating Gmail From: headers might > impact your email delivery." Talks about gmail's own use of DMARC, not the sender's. > Can a "DMARC quarantine enforcement policy" operate, if the sender > doesn't use DMARC? This idea seems to relate more to SPF than > anything? gmail's own policy is quarantine so if you send from somewhere that isn't gmail, while pretending to be from a gmail property, gmail indicates that it wishes¹ for your email to be quarantined by the recipient. Thanks,. Andy ¹ Even receiving sites that process DMARC sometimes don't carry out the DMARC author's wishes. As a common example that most of us will have seen, Mailman mailing lists will often just selectively rewrite the headers. -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: {OT] Mailing lists etc for postmasters
On Fri 01/03/2024 at 11:00, Gareth Evans wrote: > This idea seems to relate more to SPF than anything? Or DKIM, indeed, as you say Andy, at least one of which is the authentication component. Documentation could be clearer. Thanks G
Re: {OT] Mailing lists etc for postmasters
On Fri 01/03/2024 at 09:18, Andy Smith wrote: > Just for the record, the Authentication part of DMARC is done with > SPF and/or DKIM; the large mailbox providers actually (since 1 Feb) > require *either* SPF *or* DKIM passes, or both if you are a bulk > sender (thousands of mails per day). > > DMARC itself remains optional (but recommended) and once taken > separately from SPF and DKIM is mainly a reporting mechanism. https://support.google.com/a/answer/81126?hl=en#requirements-5k&zippy=%2Crequirements-for-sending-or-more-messages-per-day%2Crequirements-for-all-senders mentions DMARC in requirements for all senders: "Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery." but only explicitly requires it in requirements for senders of >5,000 messages a day: "Set up DMARC email authentication for your sending domain ..." ...which is not quite as clear as it might be. Can a "DMARC quarantine enforcement policy" operate, if the sender doesn't use DMARC? This idea seems to relate more to SPF than anything?
Re: {OT] Mailing lists etc for postmasters
Hi, On Fri, Mar 01, 2024 at 01:42:07AM +, Gareth Evans wrote: > I have somehow only just discovered that Gmail, Apple and Yahoo > are introducing, or have recently introduced, DMARC requirements > for senders. Just for the record, the Authentication part of DMARC is done with SPF and/or DKIM; the large mailbox providers actually (since 1 Feb) require *either* SPF *or* DKIM passes, or both if you are a bulk sender (thousands of mails per day). DMARC itself remains optional (but recommended) and once taken separately from SPF and DKIM is mainly a reporting mechanism. > I am subscribed to mailop (though don't read it as often as I > should!) but from a mail search there doesn't seem to have been > anything there about this recently. This has been discussed at length on mailop since well back in 2023. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: {OT] Mailing lists etc for postmasters
On Fri, Mar 01, 2024 at 08:19:42AM +, Michael Grant wrote: > https://list.mailop.org/listinfo/mailop > > And the main page > https://www.mailop.org/ Thanks abig bunch! -- tomás signature.asc Description: PGP signature
Re: {OT] Mailing lists etc for postmasters
https://list.mailop.org/listinfo/mailop And the main page https://www.mailop.org/ On 1 March 2024 05:43:44 GMT, to...@tuxteam.de wrote: >On Fri, Mar 01, 2024 at 01:42:07AM +, Gareth Evans wrote: >> I have somehow only just discovered that Gmail, Apple and Yahoo are >> introducing, or have recently introduced, DMARC requirements for senders. >> >> See for exmaple >> https://www.proofpoint.com/us/blog/email-and-cloud-threats/google-and-yahoo-set-new-email-authentication-requirements >> >> Can anyone recommend good mailing lists or other resources for people who >> look after email servers/services? It takes up little of my work, but an >> area of interest. > >Me too :) > >ISTR that there was a mention of such a thing here in debian-user@, >but my search-fu hasn't been up to the challenge of finding it. > >OTOH, my memory could be playing games on me. > >Cheers >-- >t
Re: {OT] Mailing lists etc for postmasters
Am 01.03.2024 schrieb "Gareth Evans" : > I am subscribed to mailop (though don't read it as often as I > should!) but from a mail search there doesn't seem to have been > anything there about this recently. That topic has been discussed there, you can find those discussions in the archive (you need to be subscribed to read it).
Re: {OT] Mailing lists etc for postmasters
On Fri, Mar 01, 2024 at 01:42:07AM +, Gareth Evans wrote: > I have somehow only just discovered that Gmail, Apple and Yahoo are > introducing, or have recently introduced, DMARC requirements for senders. > > See for exmaple > https://www.proofpoint.com/us/blog/email-and-cloud-threats/google-and-yahoo-set-new-email-authentication-requirements > > Can anyone recommend good mailing lists or other resources for people who > look after email servers/services? It takes up little of my work, but an > area of interest. Me too :) ISTR that there was a mention of such a thing here in debian-user@, but my search-fu hasn't been up to the challenge of finding it. OTOH, my memory could be playing games on me. Cheers -- t signature.asc Description: PGP signature
{OT] Mailing lists etc for postmasters
I have somehow only just discovered that Gmail, Apple and Yahoo are introducing, or have recently introduced, DMARC requirements for senders. See for exmaple https://www.proofpoint.com/us/blog/email-and-cloud-threats/google-and-yahoo-set-new-email-authentication-requirements Can anyone recommend good mailing lists or other resources for people who look after email servers/services? It takes up little of my work, but an area of interest. I half expected to be able to find mailing lists for postmasters run by the big email service providers, but ddg was bare. Gmail's blog looks more marketingy than anything, but potentially useful https://blog.google/products/gmail/ I am subscribed to mailop (though don't read it as often as I should!) but from a mail search there doesn't seem to have been anything there about this recently. Many thanks, Gareth