Re: [dmarc-discuss] "Subdomain" Wildcard in DMARC Report Authorization Records

2017-03-24 Thread Elizabeth Zwicky via dmarc-discuss
The DMARC evaluator queries for a specific domain name every time; the * is notation used to tell the DNS server what queries to answer. The DMARC documentation doesn't talk about where you can put * because DMARC never sees or uses the *, it's all in what your DNS server does. Elizabeth On

Re: [dmarc-discuss] dmarc.org breaks dkim & dmarc

2016-10-04 Thread Elizabeth Zwicky via dmarc-discuss
The DMARC on the mailing list passes when it reaches me -- it appears that something in the path between you and dmarc.org is the problem with breaking the DKIM signature. Since it's dmarc.org's DKIM signature, it's put on after all the mailing list handling, so I'm not sure why anybody thinks

Re: [dmarc-discuss] dmarc fail for linkedin

2016-10-03 Thread Elizabeth Zwicky via dmarc-discuss
Those headers cannot all be true. If the SPF pass is right, then the DMARC fail is wrong. Look at fixing the DMARC calculation, not your calculations. Elizabeth On Monday, October 3, 2016, 4:59:53 AM PDT, DurgaPrasad - DatasoftComnet via dmarc-discuss wrote:

Re: [dmarc-discuss] exegesis: pass and fail together

2016-07-11 Thread Elizabeth Zwicky via dmarc-discuss
do one to make it a relevant one. It just says "The DKIM identifier evaluated and the DKIM result, if any".  Elizabeth On Sunday, July 10, 2016 2:27 PM, Juri Haberland via dmarc-discuss wrote: On 07.07.2016 18:53, Elizabeth Zwicky via dmarc-discuss wrote: > > I meant t

Re: [dmarc-discuss] exegesis: pass and fail together

2016-07-07 Thread Elizabeth Zwicky via dmarc-discuss
I meant to say that the spec is unclear about what you do about **reporting** multiple DKIM results. It's perfectly clear on how to evaluate them. Elizabeth On Thursday, July 7, 2016 9:32 AM, Elizabeth Zwicky via dmarc-discuss wrote: SPF can pass without being a relevant pas

Re: [dmarc-discuss] exegesis: pass and fail together

2016-07-07 Thread Elizabeth Zwicky via dmarc-discuss
SPF can pass without being a relevant pass for DMARC; DMARC requires it not only to pass but also to align with From:. As Alessandro pointed out, your DMARC record specifically prevents a lists.openlib.org SPF pass from being an openlib.org DMARC SPF pass. And yes, it's entirely possible for a

Re: [dmarc-discuss] ARC adoption

2016-06-28 Thread Elizabeth Zwicky via dmarc-discuss
Previous ways of adapting to DMARC involved changing mailing list semantics; ARC doesn't. That's a theoretical reason to believe it may get adoption where other things didn't. The practical one is that there are mailing list systems working on code, and mailing list operators I've spoken to a

Re: [dmarc-discuss] hello all

2016-06-14 Thread Elizabeth Zwicky via dmarc-discuss
DMARC doesn't say anything at all about Reply-to; it only covers the From: line. So if AOL is enforcing a restriction based on Reply-to, it isn't doing so based on DMARC. Requiring Reply-to domain to match or relate to From: is a nice further protection, particularly for non-DMARC domains, but n

Re: [dmarc-discuss] Troubleshooting MS ruf

2016-05-24 Thread Elizabeth Zwicky via dmarc-discuss
Use DKIM if you want to maximize passes. Forwarding occurs in many places, and SPF can never survive forwarding. Elizabeth On Tuesday, May 24, 2016 9:51 AM, Carlos P via dmarc-discuss wrote: Hi, I am having trouble trying to diagnose why some mails are being reported. Attached is an

Re: [dmarc-discuss] non-dmarc related - yahoo fbl

2016-02-12 Thread Elizabeth Zwicky via dmarc-discuss
If you're having trouble with Yahoo's DMARC implementation, let me know. We should be following DNS without issues -- note that DNS propagation times and DMARC reporting cycles often mean this is frustratingly slow.  DMARC makes no promises about whether reports will be sent to the address in p

Re: [dmarc-discuss] amazon.de fail

2015-06-16 Thread Elizabeth Zwicky via dmarc-discuss
In one version you also have dkim=pass (1024-bit key; unprotected) header.d=amazon.de  header.i=@marketplace.amazon.de header.b=AOE4Rr31 which is an aligned pass because marketplace.amazon.de inherits amazon.de's record which doesn't specify strictness of alignment and therefore defaults to rela

Re: [dmarc-discuss] Yahoo! DKIM Signing Practices Produce Fragile Signatures

2014-10-06 Thread Elizabeth Zwicky via dmarc-discuss
Yes, we intend to drop Content-Length. Elizabeth Zwicky From: Scott Kitterman via dmarc-discuss To: dmarc-discuss Sent: Monday, October 6, 2014 11:01 AM Subject: [dmarc-discuss] Yahoo! DKIM Signing Practices Produce Fragile Signatures With obvious implications for DMARC failures. 

Re: [dmarc-discuss] DMARC woes - forwarding signed / encrypted e-mail

2014-06-02 Thread Elizabeth Zwicky via dmarc-discuss
Google has always overridden DMARC for some mailing lists, a usage which is explicitly allowed in the DMARC spec. I for one don't find it surprising that they added ietf.org -- and presumably some other lists -- to the set of mailing lists they do that for after there was worldwide press coverage