On 8/10/12 2:29 PM, "Andreas Schulze" <[email protected]> wrote:
>> A) You don't need to split transactional and personal mail into separate >> domains, because stuff like mailing lists that would cause DMARC >>problems >> is in fact whitelisted. > >asked again: > >I have a domain used by individuals and also for transactional mails. >(the company brand ...) >I setup spf and dkim sign all mail. > >How will a receiver distinguish a legit mail resent via a mailing list >( spf fail & dkim is broken by the listserver, equals to no dkim at all) >from a forged email from a spamsender >( spf fail & no dkim signature at all) > >I am also in the role of a receiver. >How do I reliable identify mailing-lists? Where is a definition? I took the simple approach to check if there is a List-id header in the emails I reject. I write that piece of information in my logs. I then scan the logs, and add the appropriate IPs to a whitelist. Next time round, before I reject, I check the IP is in the whitelist and there is a List-id, if true, then I accept the email, and tag it as mailing_list. The code is at: https://github.com/linkedin/dmarc-msys However, I have trouble to figure out from what IPs yahoo groups are sending fromÅ I'll devise a better strategy as we go... _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
