On Apr 26, 2013, at 6:28 PM, Douglas Otis <doug.mtv...@gmail.com> wrote:
> On Apr 25, 2013, at 11:51 PM, Matt Simerson <m...@tnpi.net> wrote:
>
>> I noticed there's a dearth of DMARC implementations. I wanted to try DMARC
>> so I wrote my own. Mostly. I haven't completed the reporting feature.
>
> Dear Matt,
>
> Murray rightfully decided ATPS as it is will not get off the ground. IMHO,
> requiring mailing lists to change DKIM signature was a poor choice. A better
> approach is to signal ATPS within DMARC policy assertions.

I presume this is the ATPS you are referring to?

http://www.ietf.org/rfc/rfc6541.txt

> It would limit ATPS transactions to only when a message failed DMARC && DMARC
> indicated use of ATPS which would entail one additional DNS transaction for
> mailing lists to remain functional.
>
> To really get DMARC to work as advertised, DKIM needs to be repaired.

I haven't read the entire RFC but I get the gist that DKIM and mailing lists is somehow broken. I haven't seen that issue yet except on this list. But I only just rolled out DMARC on a half dozen domains, with about as many users. So perhaps that's a problem I'm soon to become familiar with.

> See:
> http://www.bungi.com/Dom-v6.pdf

I read the PDF. One thing that jumps out at me is the header prepending part. Isn't that why the DMARC spec says (in section 11.1) that messages with multiple From headers SHOULD be rejected? I don't see many of those in the wild. In the last 100,000 messages, I've seen exactly one instance of a message with multiple From headers. I have seen 69 other cases where a message had multiple To: headers. I don't reject on those failures but I do award negative karma.

It's also worth noting that those 100,000 messages that made it past DATA represent over a million connections. I reject over 90% of connections before DATA, using a combination of DNSBL, sender history, and "single-packet" message features (AS, geodesic distance) that I borrowed from SNARE.
http://www.cc.gatech.edu/~feamster/papers/snare-usenix09.pdf

Matt
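Added example, not part of the original message and not Matt's implementation: a receiver-side check that rejects a message carrying more than one From: header field and only lowers karma when To: is repeated, as the message describes. The function name `check_headers`, the penalty value and the three sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import compat32
from email.utils import getaddresses

TO_KARMA_PENALTY = -1  # assumed value; the message gives no number


def check_headers(raw: bytes) -> dict:
    """Classify one message by how many From: and To: fields it carries."""
    # compat32 keeps every occurrence of a repeated header field.
    msg = message_from_bytes(raw, policy=compat32)
    from_fields = [str(v) for v in msg.get_all("From", [])]
    to_fields = [str(v) for v in msg.get_all("To", [])]

    result = {"action": "accept", "karma": 0, "from_domain": None,
              "from_count": len(from_fields), "to_count": len(to_fields)}

    if len(from_fields) > 1:
        # Several From: fields: the signed one and the displayed one may
        # differ, so there is no single author domain to evaluate.
        result["action"] = "reject"
        return result

    # Exactly one address in the one From: field gives the domain whose
    # DMARC policy would be looked up.
    addrs = [a for _, a in getaddresses(from_fields) if "@" in a]
    if len(addrs) == 1:
        result["from_domain"] = addrs[0].rpartition("@")[2].lower()

    if len(to_fields) > 1:
        # Not a rejection, only a reputation penalty.
        result["karma"] += TO_KARMA_PENALTY
    return result


# Constructed sample messages (not taken from real traffic).
CLEAN = (b"From: Alice <alice@example.com>\r\n"
         b"To: bob@example.net\r\n"
         b"Subject: hi\r\n\r\nbody\r\n")
PREPENDED_FROM = b"From: Billing <billing@example.org>\r\n" + CLEAN
DUPLICATE_TO = b"To: carol@example.net\r\n" + CLEAN

if __name__ == "__main__":
    for name in ("CLEAN", "PREPENDED_FROM", "DUPLICATE_TO"):
        print(name, check_headers(globals()[name]))
```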