On Jan 22, 2014, at 12:17 PM, Franck Martin <[email protected]> wrote:
> > On Jan 22, 2014, at 11:39 AM, Andreas Schulze <[email protected]> wrote: > >> >> Hello, >> >> I think about starting to reject messages failing the DMARC test for domains >> announcing p=reject. >> I'm unsure about losing messages or auto-unsubscribing some people from >> lists because >> OpenDMARC has currently no ability to exclude known, list managers like this >> server. >> (as far as I know) >> >> How do you handle this situation? >> Opinions / Suggestions ? >> > > Help by whitelisting all the mailing lists you are subscribed to, but do not > worry too much about the consequences this is a problem with the sender, not > the receiver. > > from http://www.trusteddomain.org/opendmarc/opendmarc.conf.5.html > you can use: > IgnoreMailFrom > IgnoreHosts > > tho the later is better me thinks. IgnoreMailFrom is based on the visible From: - which would be very much the wrong thing - I think? More generally, I don’t think you should ever whitelist domains that are requesting p=reject. If you’re going to comply with p=reject requests, comply with them from every source. That will, briefly, cause problems for mailing list operators, but only until they put the (fairly well understood) fixes for that in place. Ad-hoc whitelisting of IP addresses is a band-aid that won’t help much, and a horrible security hole, and a management nightmare. Cheers, Steve _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
