[mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Arne Allisat via mailop]

Just a short info to whom it might interest:

Very soon, we will go live with DMARC check on incoming mails for all mailboxes 
operated by WEB.DE, GMX & mail.com.
That covers several hundred of recipient domains [1] and roughly 50% of the 
German email users.

For now we will handle reject and quarantine policies equally as quarantine.
GDPR compliant, aggregated DMARC reports will follow as well (without giving an 
ETA).

Best regards
Arne Allisat
Head of Mail Application Security
Produktmanagement Portal
1&1 Mail & Media GmbH | Brauerstraße 48 | 76135 Karlsruhe | Germany

[1] - A non official reference of domains can be found at 
https://www.spamresource.com/2020/03/reference-webde-gmx-and-mailcom-domains.html

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Udeme Ukutt via mailop]

That's great news, Arne!

Udeme - LinkedIn

On Tue, Mar 9, 2021 at 9:45 AM Arne Allisat via mailop 
wrote:

> Just a short info to whom it might interest:
>
> Very soon, we will go live with DMARC check on incoming mails for all
> mailboxes operated by WEB.DE, GMX & mail.com.
> That covers several hundred of recipient domains [1] and roughly 50% of
> the German email users.
>
> For now we will handle reject and quarantine policies equally as
> quarantine.
> GDPR compliant, aggregated DMARC reports will follow as well (without
> giving an ETA).
>
> Best regards
> *Arne Allisat*
> Head of Mail Application Security
> Produktmanagement Portal
> 1&1 Mail & Media GmbH | Brauerstraße 48 | 76135 Karlsruhe | Germany
>
>
> [1] - A non official reference of domains can be found at
> https://www.spamresource.com/2020/03/reference-webde-gmx-and-mailcom-domains.html
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Al Iverson via mailop]

This is great to hear. Thanks for sharing! And thanks for linking to my list. :)

Cheers,
Al Iverson

On Tue, Mar 9, 2021 at 11:44 AM Arne Allisat via mailop
 wrote:
>
> Just a short info to whom it might interest:
>
> Very soon, we will go live with DMARC check on incoming mails for all 
> mailboxes operated by WEB.DE, GMX & mail.com.
> That covers several hundred of recipient domains [1] and roughly 50% of the 
> German email users.
>
> For now we will handle reject and quarantine policies equally as quarantine.
> GDPR compliant, aggregated DMARC reports will follow as well (without giving 
> an ETA).
>
> Best regards
> Arne Allisat
> Head of Mail Application Security
> Produktmanagement Portal
> 1&1 Mail & Media GmbH | Brauerstraße 48 | 76135 Karlsruhe | Germany
>
>
> [1] - A non official reference of domains can be found at 
> https://www.spamresource.com/2020/03/reference-webde-gmx-and-mailcom-domains.html
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com
DNS Tools: https://xnnd.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Bjoern Franke via mailop]

Hi,

> 
> Very soon, we will go live with DMARC check on incoming mails for all
> mailboxes operated by WEB.DE, GMX & mail.com .
> That covers several hundred of recipient domains [1] and roughly 50% of
> the German email users.

maybe you should fix this:

: host mx-ha02.web.de[212.227.17.8] said: 552-Requested
mail action aborted: exceeded storage allocation 552-Quota exceeded. 552
For explanation visit
https://postmaster.web.de/error-messages?ip=45.129.181.161&c=quot
(in reply
to RCPT TO command)

Best Regards
Bjoern
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Renaud Allard via mailop]

On 09/03/2021 18:38, Arne Allisat via mailop wrote:

Just a short info to whom it might interest:

Very soon, we will go live with DMARC check on incoming mails for all 
mailboxes operated by WEB.DE, GMX & mail.com .
That covers several hundred of recipient domains [1] and roughly 50% of 
the German email users.


For now we will handle reject and quarantine policies equally as 
quarantine.


Why not respect the will of the senders and reject when they ask to do so?



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Hans-Martin Mosner via mailop]

Am 27.03.21 um 14:07 schrieb Renaud Allard via mailop:
>
>
> On 09/03/2021 18:38, Arne Allisat via mailop wrote:
>> Just a short info to whom it might interest:
>>
>> Very soon, we will go live with DMARC check on incoming mails for all 
>> mailboxes operated by WEB.DE, GMX & mail.com
>> .
>> That covers several hundred of recipient domains [1] and roughly 50% of the 
>> German email users.
>>
>> For now we will handle reject and quarantine policies equally as quarantine.
>
> Why not respect the will of the senders and reject when they ask to do so? 

The will of people isn't always what they really need, and senders are only one 
side in an e-mail transaction :-)

One problem with SPF/DKIM/DMARC is that due to non-malicious manipulation of 
messages (for example forwarding etc.)
messages may look invalid at the receiving site. Forwarding is most often used 
by recipients to achieve their preferred
way of handling mail, so rejecting mails that they want to receive would mean 
you ignore their wishes as recipients in
favor of the wishes of the senders who often don't take these machanisms into 
account.

In the e-mail world, the will of recipients is ignored often enough (spam spam 
spam, lovely spam), now ignoring it again
in the name of respecting the will of the sender wouldn't really be helping 
recipients trust the medium.

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Hans-Martin Mosner via mailop]

Am 27.03.21 um 15:29 schrieb Hans-Martin Mosner via mailop:
>
> One problem with SPF/DKIM/DMARC is that due to non-malicious manipulation of 
> messages (for example forwarding etc.)
> messages may look invalid at the receiving site. 

I just noticed that the mails in this mailing list are such an example. 
Apparently the mailing list system does not
perform DMARC mitigation on mails, so the original sender's DKIM signatures 
become invalid. If you had a DMARC policy of
"reject" and our mail system would strictly adhere to the policy, your mail 
would be rejected. Is that your (the
sender's) will?

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Wolfgang Rosenauer via mailop]

Am 27.03.21 um 15:43 schrieb Hans-Martin Mosner via mailop:

Am 27.03.21 um 15:29 schrieb Hans-Martin Mosner via mailop:


One problem with SPF/DKIM/DMARC is that due to non-malicious manipulation of 
messages (for example forwarding etc.)
messages may look invalid at the receiving site.


I just noticed that the mails in this mailing list are such an example. 

Apparently the mailing list system does not

perform DMARC mitigation on mails, so the original sender's DKIM signatures 
become invalid. If you had a DMARC policy of
"reject" and our mail system would strictly adhere to the policy, your mail 
would be rejected. Is that your (the
sender's) will?


Yes, there are such cases but I don't think they apply for this list.

Yes - the list breaks DKIM (which is already something which should be 
avoided since I do not see a need to modify the body with a footer


But SPF passes in general for mails from that list because the sender is 
@mailop.org (not many lists do it like this though).
Because of the above SPF is even "aligned" and therefore DMARC passes 
that message.


What I'm missing nevertheless as another mitigation on that list is an 
ARC-Message-Signature and an ARC-Seal from the listserver.


While saying that I'm not decided if a DMARC reject must be totally 
respected. I actually would not set a reject policy myself but stick to 
quarantine.
Wondering if one can assume that if someone goes the extra mile of DMARC 
he also understands the impact on a reject policy though.



Wolfgang



OpenPGP_signature
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[John Levine via mailop]

It appears that Renaud Allard via mailop  said:
>> For now we will handle reject and quarantine policies equally as 
>> quarantine.
>
>Why not respect the will of the senders and reject when they ask to do so?

Because we know from painful experience that what senders say and what
senders do often have little to do with each other. In particular,
large companies and government bureaus often publish p=reject because
someone told the IT department it is "more secure", and are oblivious
to the fact that it screws up their employees' actual mail.

For example, I handle the web site and mail for my local town
government, forwarding many of the addresses to their Gmail accounts. We
were losing a lot of mail from the US Census bureau which had p=reject
and no DKIM signatures.

R's,
John


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[John Levine via mailop]

It appears that Wolfgang Rosenauer via mailop  
said:
>Yes, there are such cases but I don't think they apply for this list.
>
>Yes - the list breaks DKIM (which is already something which should be 
>avoided since I do not see a need to modify the body with a footer

It adds subject tags, too.  There are good reasons that lists modify the 
messages.

>But SPF passes in general for mails from that list because the sender is 
>@mailop.org (not many lists do it like this though).
>Because of the above SPF is even "aligned" and therefore DMARC passes 
>that message.

Sorry, that's just wrong. For DMARC, SPF alignment means the MAIL FROM
domain matches the From domain.

>What I'm missing nevertheless as another mitigation on that list is an 
>ARC-Message-Signature and an ARC-Seal from the listserver.

Mailman 2 doesn't do ARC.  For that they need Mailman 3 or Sympa.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Heiko Schlittermann via mailop]

John Levine via mailop  (Sa 27 Mär 2021 16:05:59 CET):
> For example, I handle the web site and mail for my local town
> government, forwarding many of the addresses to their Gmail accounts. We
> were losing a lot of mail from the US Census bureau which had p=reject
> and no DKIM signatures.

If you do not reject but quarantine, just because the sender's systems
are broken, they'll never fix it. And if I reject it (because it's what
their policy askes me to do), they'll tell me, that I must be wrong,
because your site accepts the mails.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Wolfgang Rosenauer via mailop]

Am 27.03.21 um 18:15 schrieb John Levine via mailop:

It appears that Wolfgang Rosenauer via mailop  
said:

Yes, there are such cases but I don't think they apply for this list.

Yes - the list breaks DKIM (which is already something which should be
avoided since I do not see a need to modify the body with a footer


It adds subject tags, too.  There are good reasons that lists modify the 
messages.


Really better reasons than keeping authenticity measurements in place?
I would say that's debatable.


But SPF passes in general for mails from that list because the sender is
@mailop.org (not many lists do it like this though).
Because of the above SPF is even "aligned" and therefore DMARC passes
that message.


Sorry, that's just wrong. For DMARC, SPF alignment means the MAIL FROM
domain matches the From domain.


And?
From your mail:
Return-Path: 
From: John Levine via mailop 
dmarc=pass (policy=none) header.from=mailop.org;
because the mail was received from 2a03:4000:37:599:d8ce:dff:fee1:81c2 
which is permitted by the mailop.org SPF policy.


So what in my statement was "wrong"?


What I'm missing nevertheless as another mitigation on that list is an
ARC-Message-Signature and an ARC-Seal from the listserver.


Mailman 2 doesn't do ARC.  For that they need Mailman 3 or Sympa.


I didn't analyze why it's not in place but just stated that it isn't.


Wolfgang



OpenPGP_signature
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Ángel via mailop]

Am 27.03.21 um 15:29 schrieb Hans-Martin Mosner:
> Forwarding is most often used by recipients to achieve their
> preferred way of handling mail, so rejecting mails that they want to
> receive would mean you ignore their wishes as recipients in
> favor of the wishes of the senders who often don't take these
> machanisms into account.

The recipient should be in control of the rules. If a recipient wants
to bypass any spam controls for mail coming from an IP from which they
forward, they should be able to. Or to let ab...@example.com receive
known-malicious mail. It's all fair game.

The problem is that mail providers (that I know of) don't allow that
granularity to the customers and instead end up second-guessing if the
customer would want to override it or not, which weakens the ecosystem.


On 2021-03-27 at 15:43 +0100, Hans-Martin Mosner via mailop wrote:
> I just noticed that the mails in this mailing list are such an
> example. Apparently the mailing list system does not
> perform DMARC mitigation on mails, so the original sender's DKIM
> signatures become invalid. If you had a DMARC policy of
> "reject" and our mail system would strictly adhere to the policy,
> your mail would be rejected. Is that your (the
> sender's) will?
> 
> Cheers,
> Hans-Martin

What's your plan for handling mailing lists? Even if you leave them in
a spam folder, that will surely upset some of your customers.
Also, are you going to expose the reason to the user?



Thinking how to design a system like this, I would probably add a
banner when viewing those spamboxed mails:

> Marked as spam because it falsely claims to come from example.com,
> and example.com explicitly requested all such mail to be
> [quarantined|discarded] 


And, if the mail has mailing list headers, add a second link:
> Skip this check for mail from «For mail operators »


Obviously,  would lead to a page explaining in more detail
(but still in layman terms) that a sender requests that using DMARC and
the mail wasn't signed by example.com nor came from any of the servers
stated are the only ones sending legitimate mail on behalf of them.

And 'Skip this check' would add it to a per-recipient list of mailing
lists he is subscribed to, which provides a direct pass to the inbox
(assuming alignment for the mailing list itself). If the list went
rogue or the user wanted to unsubscribe, he could remove that exception
from his account preferences.


Best regards


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Vsevolod Stakhov via mailop]

On 27/03/2021 21:00, Wolfgang Rosenauer via mailop wrote:
> Am 27.03.21 um 18:15 schrieb John Levine via mailop:
>> It appears that Wolfgang Rosenauer via mailop
>>  said:
>>> Yes, there are such cases but I don't think they apply for this list.
>>>
>>> Yes - the list breaks DKIM (which is already something which should be
>>> avoided since I do not see a need to modify the body with a footer
>>
>> It adds subject tags, too.  There are good reasons that lists modify
>> the messages.
> 
> Really better reasons than keeping authenticity measurements in place?
> I would say that's debatable.
> 
>>> But SPF passes in general for mails from that list because the sender is
>>> @mailop.org (not many lists do it like this though).
>>> Because of the above SPF is even "aligned" and therefore DMARC passes
>>> that message.
>>
>> Sorry, that's just wrong. For DMARC, SPF alignment means the MAIL FROM
>> domain matches the From domain.
> 
> And?
> From your mail:
> Return-Path: 
> From: John Levine via mailop 
> dmarc=pass (policy=none) header.from=mailop.org;
> because the mail was received from 2a03:4000:37:599:d8ce:dff:fee1:81c2
> which is permitted by the mailop.org SPF policy.
> 
> So what in my statement was "wrong"?
> 
>>> What I'm missing nevertheless as another mitigation on that list is an
>>> ARC-Message-Signature and an ARC-Seal from the listserver.
>>
>> Mailman 2 doesn't do ARC.  For that they need Mailman 3 or Sympa.
> 
> I didn't analyze why it's not in place but just stated that it isn't.

I have recently assisted FreeBSD mailing lists migration from Mailman 2
as Python 2 has become totally deprecated. We have decided to keep all
stuff for authentication and messages modifications inside Rspamd, well,
mainly because I can modify Rspamd to implement all features required
more or less easily. So far, we do all DKIM signing, ARC signing and
even DMARC munging within Rspamd only[1]. Therefore, any mailing list
solution can be used to serve ML traffic, even a most simple ones.

I have prepared a small presentation about that and several other things
[2] a couple of years ago (I'd like to say sorry in advance for my poor
English). Messages modification framework has made quite a significant
progress since that presentation.

[1]: https://github.com/rspamd/rspamd/issues/3647
[2]: https://papers.freebsd.org/2019/fosdem/stakhov-rspamd_freebsd/

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Arne Allisat via mailop]

Whoops - And thanks. Thanks. Will report it to the team.


> Am 27.03.2021 um 13:03 schrieb Bjoern Franke :
> 
> Hi,
> 
>> 
>> Very soon, we will go live with DMARC check on incoming mails for all
>> mailboxes operated by WEB.DE, GMX & mail.com .
>> That covers several hundred of recipient domains [1] and roughly 50% of
>> the German email users.
> 
> maybe you should fix this:
> 
> : host mx-ha02.web.de[212.227.17.8] said: 552-Requested
>mail action aborted: exceeded storage allocation 552-Quota exceeded. 552
>For explanation visit
>https://postmaster.web.de/error-messages?ip=45.129.181.161&c=quot
> (in reply
>to RCPT TO command)
> 
> Best Regards
> Bjoern

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Arne Allisat via mailop]

Hi Renaud,


> Am 27.03.2021 um 14:07 schrieb Renaud Allard via mailop :
> 
> 
> 
> On 09/03/2021 18:38, Arne Allisat via mailop wrote:
>> Just a short info to whom it might interest:
>> Very soon, we will go live with DMARC check on incoming mails for all 
>> mailboxes operated by WEB.DE, GMX & mail.com .
>> That covers several hundred of recipient domains [1] and roughly 50% of the 
>> German email users.
>> For now we will handle reject and quarantine policies equally as quarantine.
> 
> Why not respect the will of the senders and reject when they ask to do so?

We will do so in the future. Thats why I wrote „for now“.
I cannot give an ETA, though. 

//Arne

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Hans-Martin Mosner via mailop]

At risk of repeating myself, you should be aware that this decision will not 
respect the will of the senders or recipients, but the probably 
well-intentioned but not necessarily well-informed will of the sending mail 
system operator.

You *will* cause unintended mail rejections, and the parties affected (sender 
and recipient) are the ones who are least able to change anything about it 
(except changing their mail service provider, giving up on mail consolidation 
by forwarding, or migrating to a mailing list manager that does DMARC 
mitigations, all of which incur considerable effort and disruptions).

One option that you should consider to mitigate the effects for recipients is 
to allow per-recipient DMARC exceptions, because the recipient is the one who 
ultimately decides whether mail is wanted or unwanted. If you tag messages for 
a transition period of a month or so while already providing such an exception 
setting, recipients will be able to adjust their settings before mail gets lost.

Cheers,
Hans-Martin

31. März 2021 10:00, "Arne Allisat via mailop"  schrieb:

> Hi Renaud,
> 
>> Am 27.03.2021 um 14:07 schrieb Renaud Allard via mailop :
>> 
>> On 09/03/2021 18:38, Arne Allisat via mailop wrote:
>>> Just a short info to whom it might interest:
>>> Very soon, we will go live with DMARC check on incoming mails for all 
>>> mailboxes operated by WEB.DE,
>>> GMX & mail.com .
>>> That covers several hundred of recipient domains [1] and roughly 50% of the 
>>> German email users.
>>> For now we will handle reject and quarantine policies equally as quarantine.
>> 
>> Why not respect the will of the senders and reject when they ask to do so?
> 
> We will do so in the future. Thats why I wrote „for now“.
> I cannot give an ETA, though.
> 
> //Arne
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Paul Gregg via mailop]

On Thu, Apr 01, 2021 at 04:51:34PM +0100, Laura Atkins via mailop wrote:
> 
> 
> > On 1 Apr 2021, at 15:36, Marcel Becker via mailop  wrote:
> > 
> > On Thu, Apr 1, 2021 at 12:43 AM Hans-Martin Mosner via mailop 
> > mailto:mailop@mailop.org>> wrote:
> > 
> > One option that you should consider to mitigate the effects for recipients 
> > is to allow per-recipient DMARC exceptions, because the recipient is the 
> > one who ultimately decides whether mail is wanted or unwanted.
> > 
> > Recipients are the ones least able to make a decision whether a mail 
> > claiming to be from brand.com  was really sent from 
> > brand.com . They don't even know that a mail from 
> > lookslikebrand.com  is not legit, move it out 
> > of the spam folder and then proceed to interact with it…
> 
> And half of the time looklikebrand.com is actually said brand. 
> 
> laura 

And even if lookalikebrand.com is a fake/phish - the sender is either going to 
not have
DMARC/SPF records or they're going to set them up to be perfect - in either 
case,
this argument is irrelevant.

PG


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Andrew C Aitchison via mailop]

I have lost track. 
Are you saying that GMX should not use DMARC, or that they should not 
treat reject as quarantine ?


On Thu, 1 Apr 2021, Hans-Martin Mosner via mailop wrote:


At risk of repeating myself, you should be aware that this decision
will not respect the will of the senders or recipients, but the
probably well-intentioned but not necessarily well-informed will of
the sending mail system operator.

You *will* cause unintended mail rejections, and the parties
affected (sender and recipient) are the ones who are least able to
change anything about it (except changing their mail service
provider, giving up on mail consolidation by forwarding, or
migrating to a mailing list manager that does DMARC mitigations, all
of which incur considerable effort and disruptions).

One option that you should consider to mitigate the effects for
recipients is to allow per-recipient DMARC exceptions, because the
recipient is the one who ultimately decides whether mail is wanted
or unwanted. If you tag messages for a transition period of a month
or so while already providing such an exception setting, recipients
will be able to adjust their settings before mail gets lost.

Cheers,
Hans-Martin

31. MÀrz 2021 10:00, "Arne Allisat via mailop"  schrieb:


Hi Renaud,


Am 27.03.2021 um 14:07 schrieb Renaud Allard via mailop :

On 09/03/2021 18:38, Arne Allisat via mailop wrote:

Just a short info to whom it might interest:
Very soon, we will go live with DMARC check on incoming mails for all mailboxes 
operated by WEB.DE,
GMX & mail.com .
That covers several hundred of recipient domains [1] and roughly 50% of the 
German email users.
For now we will handle reject and quarantine policies equally as quarantine.


Why not respect the will of the senders and reject when they ask to do so?


We will do so in the future. Thats why I wrote „for now“.
I cannot give an ETA, though.

//Arne

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Info - DMARC at WEB.DE, GMX, mail.com coming soon

[Hans-Martin Mosner via mailop]

As Arne said "we will do that in the future", they apparently plan to reject, 
not just quarantine, and that would be a problem.
Analyzing DMARC and tagging failing messages or putting them in Junk (with the 
option of overriding this for certain senders or forwarding hosts) is fine 
IMHO, so my recommendation would be to only quarantine, not reject, unless the 
recipient explicitly agrees to that.
I'm not expecting them to follow my recommendations, people rarely do.

Cheers,
Hans-Martin

1. April 2021 23:12, "Andrew C Aitchison via mailop"  
schrieb:

> I have lost track. 
> Are you saying that GMX should not use DMARC, or that they should not 
> treat reject as quarantine ?
> 
> On Thu, 1 Apr 2021, Hans-Martin Mosner via mailop wrote:
> 
>> At risk of repeating myself, you should be aware that this decision
>> will not respect the will of the senders or recipients, but the
>> probably well-intentioned but not necessarily well-informed will of
>> the sending mail system operator.
>> 
>> You *will* cause unintended mail rejections, and the parties
>> affected (sender and recipient) are the ones who are least able to
>> change anything about it (except changing their mail service
>> provider, giving up on mail consolidation by forwarding, or
>> migrating to a mailing list manager that does DMARC mitigations, all
>> of which incur considerable effort and disruptions).
>> 
>> One option that you should consider to mitigate the effects for
>> recipients is to allow per-recipient DMARC exceptions, because the
>> recipient is the one who ultimately decides whether mail is wanted
>> or unwanted. If you tag messages for a transition period of a month
>> or so while already providing such an exception setting, recipients
>> will be able to adjust their settings before mail gets lost.
>> 
>> Cheers,
>> Hans-Martin
>> 
>> 31. MÀrz 2021 10:00, "Arne Allisat via mailop"  schrieb:
>> 
>>> Hi Renaud,
>> 
>> Am 27.03.2021 um 14:07 schrieb Renaud Allard via mailop :
>> 
>> On 09/03/2021 18:38, Arne Allisat via mailop wrote:
>> Just a short info to whom it might interest:
>> Very soon, we will go live with DMARC check on incoming mails for all 
>> mailboxes operated by WEB.DE,
>> GMX & mail.com .
>> That covers several hundred of recipient domains [1] and roughly 50% of the 
>> German email users.
>> For now we will handle reject and quarantine policies equally as quarantine.
>> 
>> Why not respect the will of the senders and reject when they ask to do so?
>>> We will do so in the future. Thats why I wrote „for now“.
>>> I cannot give an ETA, though.
>>> 
>>> //Arne
>>> 
>>> ___
>>> mailop mailing list
>>> mailop@mailop.org
>>> https://list.mailop.org/listinfo/mailop
>> 
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
> 
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop