[dmarc-discuss] Netscape.net?
Hi All, One of our mailing list members, with a netscape.net email address, is getting DMARC bounces. That domain is set to p=none. Because of this we don't re-write her From lines. The netscape.net MX points to AOL, which we know does reject. And we're seeing AOL DMARC bounces for her messages. It seems to me that we need to treat netscape.net addresses as p=reject, as they seem to have misconfigured their DMARC record. Or am I misunderstanding what's happening (completely possible)? Thanks, Mark ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] Netscape.net?
There are a couple of possibilities. 1. There used to be secret backchannel agreements between ISPs to treat certain domains as if they were p=reject. Some of this even predates the DMARC spec. Could be the case here. 2. Some filter authors got too zealous and are treating p=none as if it were p=reject. 3. Some filters come down really hard on an auth failure, regardless of DMARC. We've run into this as well and in our application we deal with it by having a DMARC table. We add domains to the DMARC table automatically if they have a p=reject policy. But we can also add domains manually to it, if it is in the domain owner's or users' best interest. Then we rewrite headers for mail from that email domain as needed. You might want to do the same. Where this came in really handy lately is that a big client wants to go to p=reject but isn't there yet. Right now they're just auditing, and they see a lot of traffic that would bounce under p=reject due to how our system handles forwarding of some replies. We dropped their name into the DMARC table, and now that mail no longer uses their domain, and it no longer shows up on their audit report, and thus that particular mail forwarding scenario is solved, even before they went to p=reject. In my personal mailing list manager I also have a short list of domains that I treat as though they are p=reject, regardless of the true domain setting. I have found (anecdotally) that list mail from some domains failing DMARC are more likely to go to spam at Gmail even if p=none. Treating them as p=reject is one possible way to address this. Hope that helps. Regards, Al Iverson -- Al Iverson www.aliverson.com (312)725-0130 On Thu, Mar 23, 2017 at 1:01 PM, Mark Fletcher via dmarc-discuss wrote: > Hi All, > > One of our mailing list members, with a netscape.net email address, is > getting DMARC bounces. That domain is set to p=none. Because of this we > don't re-write her From lines. The netscape.net MX points to AOL, which we > know does reject. And we're seeing AOL DMARC bounces for her messages. > > It seems to me that we need to treat netscape.net addresses as p=reject, as > they seem to have misconfigured their DMARC record. Or am I misunderstanding > what's happening (completely possible)? > > Thanks, > Mark > > ___ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] Netscape.net?
Mark - Can you send me more info off list? I'll take a look and see what's up. On Thu, Mar 23, 2017 at 1:01 PM, Mark Fletcher via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Hi All, > > One of our mailing list members, with a netscape.net email address, is > getting DMARC bounces. That domain is set to p=none. Because of this we > don't re-write her From lines. The netscape.net MX points to AOL, which > we know does reject. And we're seeing AOL DMARC bounces for her messages. > > It seems to me that we need to treat netscape.net addresses as p=reject, > as they seem to have misconfigured their DMARC record. Or am I > misunderstanding what's happening (completely possible)? > > Thanks, > Mark > > ___ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) > -- PAUL ROCK Principal Software Engineer | AOL Mail P: 703-265-5734 | C: 703-980-8380 AIM: paulsrock 22070 Broderick Dr.| Dulles, VA | 20166-9305 ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] Netscape.net?
In article you write: > >One of our mailing list members, with a netscape.net email address, is >getting DMARC bounces. That domain is set to p=none. That hasn't been the case for quite a while. $ dig _dmarc.netscape.net txt ;; QUESTION SECTION: ;_dmarc.netscape.net. IN TXT ;; ANSWER SECTION: _dmarc.netscape.net.60 IN TXT "v=DMARC1; p=reject; fo=1; pct=100; ri=3600; rua=mailto:a...@rua.agari.com; ruf=mailto:a...@ruf.agari.com"; R's, John ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] Netscape.net?
>From our recent logs, it looks like it was updated from p=none to p=reject on sometime around 2/23 1p PDT ... probably because of this note. Brandon On Fri, Mar 24, 2017 at 12:52 PM, John Levine via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > In article gmail.com> you write: > > > >One of our mailing list members, with a netscape.net email address, is > >getting DMARC bounces. That domain is set to p=none. > > That hasn't been the case for quite a while. > > $ dig _dmarc.netscape.net txt > > ;; QUESTION SECTION: > ;_dmarc.netscape.net. IN TXT > > ;; ANSWER SECTION: > _dmarc.netscape.net.60 IN TXT "v=DMARC1; p=reject; > fo=1; pct=100; ri=3600; rua=mailto:a...@rua.agari.com; ruf=mailto: > a...@ruf.agari.com" > > R's, > John > ___ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) > ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] Netscape.net?
Er, that's 3/23, ie yesterday. On Fri, Mar 24, 2017 at 3:39 PM, Brandon Long wrote: > From our recent logs, it looks like it was updated from p=none to p=reject > on sometime around 2/23 1p PDT ... probably because of this note. > > Brandon > > On Fri, Mar 24, 2017 at 12:52 PM, John Levine via dmarc-discuss < > dmarc-discuss@dmarc.org> wrote: > >> In article > ail.com> you write: >> > >> >One of our mailing list members, with a netscape.net email address, is >> >getting DMARC bounces. That domain is set to p=none. >> >> That hasn't been the case for quite a while. >> >> $ dig _dmarc.netscape.net txt >> >> ;; QUESTION SECTION: >> ;_dmarc.netscape.net. IN TXT >> >> ;; ANSWER SECTION: >> _dmarc.netscape.net.60 IN TXT "v=DMARC1; p=reject; >> fo=1; pct=100; ri=3600; rua=mailto:a...@rua.agari.com; ruf=mailto: >> a...@ruf.agari.com" >> >> R's, >> John >> ___ >> dmarc-discuss mailing list >> dmarc-discuss@dmarc.org >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) >> > > ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
