On Fri, Apr 5, 2013 at 11:25 AM, Benny Pedersen <[email protected]> wrote:
> the bug is that dmarc should not be used with deep scanning on dmarc, it > should trust maillist server dmarc record, if it does not whats the point of > dmarc then ? It's hard to understand what you're skrevving. Full sentences and clearer statements might help. But here's my best guess: Since DMARC works based on the visible from address, there is no opportunity for the receiving site to work based off of "the maillist server's DMARC record." The mailing list server does not put a visible from address into the message, thus nothing the mailing list server does would be a criteria for DMARC interpretation by the receiver. In other words, if a receiving site chooses to follow DMARC policy (only), then they're doing the right thing by treating your mail negatively. > that sayed, its still not working with dkim, and spf forwards if google does > not trust maillist servers as trusted forwarders :( Yes, that is one possibility. But also, again, I question how wise it is to publish such a DMARC record for jun.eu if you desire to participate in mailing lists. For this to work every single receiver has to choose to manually implement a "trusted forwarder" override. I feel like you're asking every grain of sand on the beach to take action for you, even though what you're publishing in DNS is telling them the opposite of what you want to have happen. > i cant get dkim pass back here, but it works as designed on postfix / apache > maillists, fix the real problem first Who, exactly? What fix, exactly? My suggestion for a fix is: Don't publish a DMARC reject policy unless you're a big brand who gets phished a lot. There's a lot of consideration related to that, but your domain seems like a hobbyist domain, which seems like would meet no common criteria as far as a recommendation to implement DMARC. Not well known, not actively, repeatedly phished, has active individual users participating in mailing lists. All of these suggest to me that your policy choice may be the wrong one. At any rate, I've made my point, I'll let it drop. I don't know that I'll change your mind any time soon, but I do want to at least get it out there for others to see that folks need to be careful with regard to choice of DMARC policy, and I think this is a good example to highlight as far as why. Regards, Al Iverson _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
