On Mar 29, 2013, at 6:55 PM, Franck Martin <[email protected]> wrote:
> > On 3/29/13 5:47 PM, "John Levine" <[email protected]> wrote: > >>> 5) Set p=reject without taking this advice into account and then be >>> shocked and horrified that mail >>> you wanted to deliver is rejected. >> >> It's worse than that. If you set p=reject and send mail to lists, you >> will hurt innocent bystanders. >> >> If recipients implement DMARC in good faith and do what it says, and >> your mail starts arriving from lists, the recipients will reject that >> mail, which the lists will see as delivery failures. With enough >> delivery failures, those recipients will be bounced off the list due >> to your malfeasance. >> >> This exact thing happened on some IETF lists when DKIM was young and >> some MTA operator overimplemented ADSP and treated "discard" as >> reject. >> >> The right thing to do is not to send mail to lists from domains that >> have a policy other than p=none. I agree with your outline of the >> reasonable options. > > Are you telling us that mailing lists do not make the difference between a > hard bounce or a soft bounce? This seems like a bug to me. DMARC p=reject will lead to a hard bounce. Too many hard bounces will lead to a recipient being removed from a mailing list. "Too many" may quite often be one bounce. Any mail sent to a mailing list from a domain with a DMARC p=reject policy could reasonably be considered a malicious attack on the integrity of the mailing list server. A minimal defense against this would be to refuse any mail sent to a mailing list from any email address in a domain with a DMARC p=reject policy. I would encourage mailing list managers to do this. It leads to other beneficial results as well as defending recipients against this particular hostile behaviour. More aggressive responses would be to reject subscription requests from users in domains with p=reject, and to remove existing subscribers with those policies. Cheers, Steve _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
