Re: DMARC and mailing lists (was Re: IADB whitelist)
Matus UHLAR - fantomas skrev den 2017-12-26 18:49: have you never been subscribed to spammers' blacklist without your permission? On 26.12.17 19:01, Benny Pedersen wrote: hopefully apache.org does know how to handle spam you did not narrow your sentence on apache mailing lists, perhaps you should. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "To Boot or not to Boot, that's the question." [WD1270 Caviar]
Re: DMARC and mailing lists (was Re: IADB whitelist)
Matus UHLAR - fantomas skrev den 2017-12-26 18:49: have you never been subscribed to spammers' blacklist without your permission? hopefully apache.org does know how to handle spam
Re: DMARC and mailing lists (was Re: IADB whitelist)
RW skrev den 2017-12-26 18:05: I didn't receive any posts in "IADB whitelist" thread from the OP because they all failed DMARC with a reject policy. I found the posts on gmane. On 26.12.17 18:21, Benny Pedersen wrote: stop reject maillists no matter if dmarc fails have you never been subscribed to spammers' blacklist without your permission? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm
Re: DMARC and mailing lists (was Re: IADB whitelist)
RW skrev den 2017-12-26 18:05: I didn't receive any posts in "IADB whitelist" thread from the OP because they all failed DMARC with a reject policy. I found the posts on gmane. stop reject maillists no matter if dmarc fails Posting to mailing lists with a domain using a strict DMARC policy is inherently risky because you are losing the redundancy of an aligned SPF pass and there's a lot that can go wrong with DKIM. policy reject is safe on spamassaasin maillist just like it is on postfix maillist, but you report a diffrent problem that does not help it In this case the open-t.co.uk DKIM signature signed "reply-to" and a lot of "list-*" headers that are added by the list. This guaranteed a DKIM fail downstream of the list servers. this is the error, sadly systems try to sign all headers without understanding what happend with this I thought it as worth pointing this out to avoid others making similar mistakes. However, DMARC problems could generally be mitigated by the listservers adding ARC headers. makw apache.org reject dmarc fails, possible ?, opendkim can test unsafe header signed for maillist members add hermes.apache.org to opendkim AND opendmarc trusted sender ip arc is basicly help make it worse :( note signed headers on my post here, its default in opendkim, if more headers is signed it dmarc unsafe