On Friday, March 29, 2013 8:03 PM [GMT+1=CET],John Levine wrote: > > > I'm not checking DMARC, but wouldn't this mail be rejected > > > according to your DMARC policy if I were? (I'd presume not, or > > > you wouldn't have set things up this way, but what am I missing?) > > > > > > > http://www.dmarc.org/faq.html#r_2 > > http://www.dmarc.org/faq.html#s_3 > > https://code.launchpad.net/~mlm-author/mailman/2.1-author > > > > Don't forget as a receiver you can always overwrite the DMARC > > disposition for stuff you strongly care about. > > I take it that you're agreeing that Linkedin's DMARC is wrong, and > receivers should add special case code to ignore it if they want mail > you send to mailing lists.
But is it wrong, Linkedin's DMARC in those posts? Hmmmm, let's see. Obviously, the SPF-mechanism in not aligned in his posts when the mailing list software forwards them to the list's subscribers (RFC5321.MailFrom becomes dmarc-discuss-bounces_at_blackops.org while RFC5322.From keeps being fmartin_at_linkedin.com); and I see that the mailing list software is injecting a DKIM signature for d=dmarc.org (A) in addition to the original DKIM signature for d=linkedin.com (B). Obviously, (A) is not aligned with a RFC5322.From of fmartin_at_linkedin.com, but is (B) not valid anymore? Why would the mailing list software tamper with the body of the message to render the (B) DKIM signature invalid? Oh, OK, I see that the mailing list software injects a footer in every post to the list. I see how that could break the (B) DKIM signature for the original post. So, given that he is not using the "l=" DKIM tag in the original (B) DKIM signature for d=linkedin.com, I guess that means that his posts to the list effectively fail a DMARC test and therefore should be rejected by any list subscriber who may happen to be checking for DMARC authentication on email reception, unless such list subscribers are explicitly whitelisting his posts to override the linkedin.com's DMARC explicit policy of: "v=DMARC1; p=reject; pct=100" I think this means that DMARC when using a "reject" policy breaks mailing lists. And that is ugly. Regards, J. Gomez _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
