Re: DMARC: perspectives from a listadmin of large open-source lists

[Scott Kitterman <scott@kitterman.com>]

On Tuesday, April 08, 2014 06:06:27 Sabahattin Gucukoglu wrote:
> On 8 Apr 2014, at 05:21, John R Levine <johnl@taugh.com> wrote:
> > Mailing list apps can't "implement DMARC" other than by getting rid of
> > every feature that makes lists more functional than simple forwarders.
> > Given that we haven't done so for any of the previous FUSSPs that didn't
> > contemplate mailing lists, because those features are useful to our
> > users, it seems unlikely we'll do so now.
> Well,  Mailman 2.1.16 has the FROM_IS_LIST feature that "Fixes" the problem
> by putting the list address in the From: field.  That seems to work, except
> that you lose information (the sender's address) if the list wants to
> operate a policy of "Reply goes to list".  You can then assure that DKIM
> signatures are valid and set up SPF, etc.  This also has the effect of
> letting you operate through the various cloud email platforms that try to
> validate sender addresses.
> 
> But I agree it's broken.

It's unrelated to SPF.  SPF uses Mail From and so on lists that aren't just 
forwarders, the list already uses it's own Mail From.  The only way SPF gets 
roped into this thing is the DMARC use of SPF plus an insistence on "identity 
alignment" to add a requirement that the From domain is in the same domain as 
Mail From.  That's not SPF's fault.

DMARC is interesting for the feedback reports, but I'm certainly not 
publishing reject policies on any domains I have that have real users.

Scott K