$ dig +short -t txt _dmarc.paypal.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
I'm on lots of lists with Paypal employees, who consistently use
paypal-inc.com addresses, specicially to avoid DMARC problems.
They realized
I'm on lots of lists with Paypal employees, who consistently use
paypal-inc.com addresses, specicially to avoid DMARC problems.
$ dig +short -t txt _dmarc.paypal-inc.com
v=DMARC1\; p=reject\; rua=mailto:d...@rua.agari.com\;
ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com;
No joy
Arguably, the correct response to DMARC filtering _should_ be the MIME
encapsulation of list mail, with appropriate RFC 2369 headers added to
the enclosing MIME structure leaving the content un-munged, with all
information from the original poster intact. Arguably, MUAs should be
transparent to
Actually, From: domains can request reports even if DMARC p=none. It is
unclear what might be done with these reports, but given what some
domains have done with DMARC already, I for one would not be surprised
if this information was used to color the reputation of the sending server.
Note that
So, addresses get rewritten as:
From: yahoousername-at-yahoo@mydomain.com
My sense is that someone could come up with arguments as to why this is
a bad idea, ...
It's a bad idea for the same reason that all of the other anti-DMARC
hacks are a bad idea, they break the existing usage of mail.
From: yahoousername-at-yahoo@mydomain.com
Under the current unpleasant circumstances, it's not much worse than
any other, give or take what you do with the replies. Do you forward
them back to the original user? Reject with a mysterious failure
code? Discard them?
Thank you for your
I just realized that setting the digest option could be a temporary
solution for my Yahoo and AOL subscribers
Just make sure you set it for *all* users, not just those using Yahoo!
and AOL.
You only need to implement it for subscribers using mail systems that
implement DMARC rejections.
My understanding is that DMARC WAS going through the standardization
process, and actually was to the state where experimental use was
justified (and in some sense actually required). ...
No, not at all. DMARC was designed and implemented by a small closed
group of large companies listed on the
Until spammers figure out they can send mail
From: spam...@evildomain.com
X-Original-From: whate...@yahoo.com
This is one of the most annoying things about Yahoo and AOL's misuse
of DMARC -- they're practically forcing people to use hacks to show
unauthenticated fake From: lines.
R's,
John
a) It seems to me that this or something like it (i.e. new de facto
standard headers to work around the problem) is surely an almost
inevitable outcome anyway.
I wouldn't count on it. The reasonable approach to this kind of
nonsense is for the relatively small set of ISPs using DMARC policy to
I was wondering about asking someone to make a Mailman handler that
would re-write the From: address after munging to:
From: Jane Doe (j...@example.com) via listname l...@example.net
My question now is, is there any reason why re-writing it this way would
be a bad idea?
Well, of course, it's a
Yahoo Groups also add something like this in a footer:
Posted by: a real name a-n...@a-domain.co.uk
and a series of mailto links below that for replying to the original sender
or to the group.
Well, won't this break DKIM?
Yes, but if it also takes the real author address out of the From:
I think munging the headers is a sensible practice, as it makes it
a little harder to listwash; the main idea of the FBL as I understand it
is to give you an idea when there's some kind of gross abuse, not that
you are required to unsubscribe anyone who complains about your mail.
Munging FBLs is
I have a somewhat different issue. I am using dmarc_moderation_action =
Munge From, and when an AOL user posts to the list, the list message
sent back to the user bounces with 521 5.2.1 : AOL will not accept
delivery of this message. (in reply to end of DATA command)). The same
messages sent to
In article CADK0o8yxnQzr-mM=phxpwog+0p0oh+dkztp14z_fvwyhp8_...@mail.gmail.com
you write:
This morning all of my subscribers with aol addresses were automatically
unsubscribed from my list.
Why today? I thought all the DMARC issues had been resolved in the latest
mailman version, and it's been 8
# 1) as long as the list is not anonymous, the original From: address
#should be obviously exposed, i.e. not just in a header that MUAs
#don't display.
Have you tried any sort of reversible rewriting? On my lists, sending
addresses in dmarc'ed domains get a local domain appended on the
>The issue is that list posts sent to AOL subscriber addresses are now bouncing
>as undeliverable with the bounce code: "521
>5.2.1 : AOL will not accept delivery of this message."
I see that you have a yahoo.com address. If there's a yahoo.com
address on the From: line of the list mail, AOL
>As Mark related, I suspect the issue is DNS related, and AOL is just finally
>cracking down on mail sent from this particular list server.
If you told us what the domain was, we could provide a lot more help.
Really, we don't bite, if you want help, provide the information that
will let people
In article <57e49a8d.1030...@sgeinc.com> you write:
> From a quick look, it looks like base64 encoding. Invented back in the
>dialup/uucp days when transport was not always 8bit clean so things were
>encoded to make sure only transportable characters were used.
Well, actually, we uucp users
>subscriber. Are there smtp service providers allowing unverified email
>address to send out emails, or do I have other solutions?
There are cloud hosting providers that let you send mail directly, although
I can't vouch for the deliverability, since you're typically on a network
full of dusty
In article <20170608234027.gu8...@nntp.aegisinfosys.com> you write:
>Do you think your analysis will change now that AOL and Yahoo! are
>now both part of Verizon?
Probably not. Verizon's folded their legacy mail system into AOL's.
Maybe they'll merge the AOL and Yahoo mail systems, but I would
In article <7e0bd0e4-b837-4d76-3c14-a0b6dfda9...@tnetconsulting.net> you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>On 08/21/2017 02:08 PM, John Levine wrote:
>> which defines a one-click opt-out link that uses POST rather than GET,
>> since the URL malware fetchers all d
In article <201708210145.v7l1io7x003...@fire.js.berklix.net> you write:
>> Maybe this would foil ISPs who are automatically following this link to
>> unsubscribe people. Do ISPs really do this?
There are plenty of anti-spam schemes that fetch all the URLs in a
message to see whether they're
In article <851008d1-e6dd-bafe-9e85-e1ebaf1b8...@msapiro.net> you write:
>So my first question is how/why are the posts being held?
Because the people posting from usenet aren't list subscribers. They
read the messages on usenet.
>> When mailman mdoerates the message, it sends the usual
In article <8d629943-93d6-2546-71f9-4484d8ecf...@msapiro.net> you write:
>cron/gate_news
I'm not using that. My news server isn't on the same network as
the mailman system, and the gateway is basically a few lines of
procmail and formail I've been using for a decade to splice usenet
groups
I run a two-way usenet <-> mailman gateway. When I forward someting
from the usenet group to mailman, it gets moderated, which is what I
want since a fair amount of the stuff in the usenet group is spam.
When mailman mdoerates the message, it sends the usual moderation
message to the usenet
In article
you write:
>On 12/28/2017 12:57 PM, Jordan Brown wrote:
>> Wikipedia tells me that DMARC passes if either SPF or DKIM passes.
That is correct.
>Sending domain administrators can require that *both* SPF /and/ DKIM
In article <885f93f0-36ec-d74f-7c5f-52b42f2d6...@jordan.maileater.net> you
write:
>Hmm. It would take MUA changes to be fully effective, but a possibility
>that comes to mind is to have mailing lists leave the original message
>absolutely unmodified, but wrap it in a message that comes "from"
In article <885f93f0-36ec-d74f-7c5f-52b42f2d6...@jordan.maileater.net> you
write:
>Hmm. It would take MUA changes to be fully effective, but a possibility
>that comes to mind is to have mailing lists leave the original message
>absolutely unmodified, but wrap it in a message that comes "from"
In article <20180804141855.7510026c1...@sharky3.deepsoft.com> you write:
>-=-=-=-=-=-
>
>Do you have access to your inbound mail server? If so, you need to arrange for
>that server to *reject* all mail connections from qq.com. qq.com is a
>*notorious* source of spam (there are no legitimate E-Mail
In article <1ca714d0-da89-aa23-d247-4faa2133b...@msapiro.net> you write:
>DMARC checks won't help prevent posts that spoof a member address unless
>every list member's domain publishes a DMARC policy of quarantine or
>reject, and even then it only checks the From: domain and not the domain
>of
In article
you write:
>On Sun, Jul 22, 2018 at 3:18 PM Grant Taylor via Mailman-Users <
>mailman-users@python.org> wrote:
>
>> On 07/21/2018 02:24 PM, John Levine wrote:
>> > I know people working on whiteish lists to use with ARC, to say that
>> > thes
In article <78baab65-f7d3-ce56-bc36-a16a15118...@spamtrap.tnetconsulting.net>
you write:
>> If AOL and Yahoo just used the quarantine option for DMARC, it wouldn’t
>> have been quite as bad. But they ABUSED DMARC by their settings.
>
>I still don't grok what you are considering "abuse" in this
In article <88902b3b-7cb3-7991-15c4-4dbc10762...@msapiro.net> you write:
>In that sense, many of us think that the person who wrote the post is
>still the author even if the list made a few simple changes that didn't
>alter the basic text of the original message while the list is a Sender:
>
In article
you write:
>On 07/19/2018 05:27 PM, Mark Sapiro wrote:
>> The problem is downstream has to trust me. If I'm gmail.com, I'll probably
>> be trusted. If I'm msapiro.net, probably not. Python.org, who knows.
>
>Yep.
>
>I've not yet seen any indication that there will be any good way to
In article you write:
>On 07/19/18 17:11, John Levine wrote:
>> In article
>> you write:
>>> Yes. Just about everything can be spoofed to some degree. It really
>>> depends on what information the owner of the purported sending domain
>>> publishe
In article <0590fe51-3f96-754d-d155-af0eb9ca4...@spamtrap.tnetconsulting.net>
you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>On 07/19/2018 04:59 PM, Phil Stracchino wrote:
>> Actually, mailing lists and other redistribution are among the places
>> DMARC notably breaks.
>
>Does DMARC actually break or
In article
you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>On 07/22/2018 02:03 PM, John Levine wrote:
>> No, it was specified in full knowledge that it would break pretty much
>> every mailing list on the planet if used on domains with human users,
>> instead of its i
In article <1fb88a39-0acd-f34f-c504-9eb217a75...@spamtrap.tnetconsulting.net>
you write:
>Is there some place that I can find out more about these people and / or
>their projects?
See the archives of the ARC mailing lists.
>Aside: What does hosting mailing lists or not have to do with
In article
you write:
>Yes. Just about everything can be spoofed to some degree. It really
>depends on what information the owner of the purported sending domain
>publishes and what filtering / consumption of said information the
>receiving server exercises.
Well, you know, this is what
?
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.
In article you write:
>Hi,
>
>Unfortunately, yes, I have seen this behavior from Microsoft. I have no
>idea what triggers it, but my Linode IP has been blocklisted twice, once
>a bit over three years ago, and another time less than two weeks ago.
It may well not be you. Linode does a poor job
In article <5b99c857.19328.61f1d...@bernie.fantasyfarm.com> you write:
>Well, something changed between Thursday and Friday, because posts to the list
>were fine and this one generated a bounce for every gmail member.
Any chance that the message in question had a From: address in a
domain that
address that takes the
contents of the messages and passes it to the SMS API. (Stripping out
all the extra cruft, of course.)
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before readin
st and do DMARC rewrites
even for domains without DMARC policies, but I'd suggest contacting
whoever is subscribed there and encourage him or her to subscribe from
an address that isn't gratuitiously hostile to mailing lists.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The
It appears that Mark Sapiro said:
>> FWIW, a couple of my regular correspondents have said that DO generally
>> does not have a great email reputation, and that they're moving lists to
>> other platforms.
>
>That's probably correct, but are there other cloud VPS providers that
>are better at
46 matches
Mail list logo