offtopic: rant about thoughtless enabling DMARC checks [was: Re: Bounces?]

[Michael A. Peters]

On 2/9/19 10:48 AM, Juri Haberland via dovecot wrote:
> On 09/02/2019 10:44, Aki Tuomi via dovecot wrote:
>> For some reason mailman failed to "munge from" for senders with dmarc policy ;(
>>
>> It's now configured to always munge to avoid this again.
> 
> I'd say, let Mailman throw all people off the list that have enabled DMARC
> checking without using exceptions for the lists they are on. It's a known
> fact that DMARC does not cope well with mailing lists. Blindly enabling
> DMARC checks without thinking about the consequences for themselves should
> not be the problem of other well behaving participants.
> 
> Most people use OpenDMARC and there are patches to mark certain hosts as
> mailing lists senders, so it is possible.

can you please let me know where to find those patches?

I ran DMARC in testing on one domain and had to disable it because over 
95% of the reports were false positives from mailing lists, and the few 
that were genuine spoofed would have easily been caught by spam/malware 
filters anyway.

However a project I am working on, DMARC is highly desired. Designing a 
white-list for known mailing lists is something I want to do.

Honestly I was sort of tempted to try and create my own DMARC validator 
(I was thinking one daemon that does both DKIM and DMARC - for postfix, 
Exim has DKIM native but I only use Exim for submission) that tried to 
sniff Mailman and not enforce it but it looks like it would be very time 
consuming.