offtopic: rant about thoughtless enabling DMARC checks [was: Re: Bounces?]
Michael A. Peters
mpeters at domblogger.net
Sat Feb 9 21:13:41 EET 2019
On 2/9/19 10:48 AM, Juri Haberland via dovecot wrote:
> On 09/02/2019 10:44, Aki Tuomi via dovecot wrote:
>> For some reason mailman failed to "munge from" for senders with dmarc policy ;(
>> It's now configured to always munge to avoid this again.
> I'd say, let Mailman throw all people off the list that have enabled DMARC
> checking without using exceptions for the lists they are on. It's a known
> fact that DMARC does not cope well with mailing lists. Blindly enabling
> DMARC checks without thinking about the consequences for themselves should
> not be the problem of other well behaving participants.
> Most people use OpenDMARC and there are patches to mark certain hosts as
> mailing lists senders, so it is possible.
can you please let me know where to find those patches?
I ran DMARC in testing on one domain and had to disable it because over
95% of the reports were false positives from mailing lists, and the few
that were genuine spoofed would have easily been caught by spam/malware
However a project I am working on, DMARC is highly desired. Designing a
white-list for known mailing lists is something I want to do.
Honestly I was sort of tempted to try and create my own DMARC validator
(I was thinking one daemon that does both DKIM and DMARC - for postfix,
Exim has DKIM native but I only use Exim for submission) that tried to
sniff Mailman and not enforce it but it looks like it would be very time
More information about the dovecot