On Dec 20, 2013, at 1:05 PM, Tim Draegen <[email protected]> wrote: > On Dec 20, 2013, at 3:18 PM, Franck Martin <[email protected]> wrote: >> It is a known bug in mailing lists with bounce processing. >> >> Because they can't differentiate between a soft and hard bounce, basically >> they consider that there is no user at the email address when they get too >> many bounces. > > The whole idea that email can be reliably authenticated back to a domain is > sort of new. Mailing lists are still trying to figure out how to fit into > this brave new world. > > However, the bug that Franck alludes to is just that -- a bug. When list > operators are supplied with upgrade paths that solve these specific problems, > the issue becomes "how to get software upgraded", which is nice. > > Brass tacks: Run your domain with "p=reject" if you're confident that you've > covered all your legitimate email w/ DMARC. Tell the world that your email > is real and that you've taken time to make it easy for receivers to drop fake > stuff. > > If you're on an important mailing list that is impacted, tell the operator > that you'd like to continue to use DMARC. They probably don't have the tools > to do the right thing, but first step is raising awareness by actual users.
+1 Email lists have been invalidating DKIM signatures for years. Until very recently, with increasing DMARC adoption, there wasn't any reason for list operators to do anything about it. Now there is. As I became aware of the issue, I fixed my mailing lists, which was pretty easy: cd path/to/ezmlm/list; rm prefix text/trailer addtrailer Now my lists no longer invalidate DKIM signatures, and are thus "DMARC enabled." There are plenty of recalcitrant list operators that refuse to modify their config or update their software. For now, they can get away with band-aids like blocking DMARC messages, but I think time is on our side. Matt _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
