On Jan 22, 2014, at 1:15 PM, Steve Atkins <[email protected]> wrote:

> On Jan 22, 2014, at 12:17 PM, Franck Martin <[email protected]> wrote:
>
>> On Jan 22, 2014, at 11:39 AM, Andreas Schulze <[email protected]> wrote:
>>
>>> Hello,
>>>
>>> I think about starting to reject messages failing the DMARC test for
>>> domains announcing p=reject.
>>> I'm unsure about losing messages or auto-unsubscribing some people from
>>> lists because
>>> OpenDMARC has currently no ability to exclude known list managers like
>>> this server.
>>> (as far as I know)
>>>
>>> How do you handle this situation?
>>> Opinions / Suggestions?
>>
>> Help by whitelisting all the mailing lists you are subscribed to, but do not
>> worry too much about the consequences; this is a problem with the sender, not
>> the receiver.
>>
>> from http://www.trusteddomain.org/opendmarc/opendmarc.conf.5.html
>> you can use:
>> IgnoreMailFrom
>> IgnoreHosts
>>
>> though the latter is better, methinks.
>
> IgnoreMailFrom is based on the visible From: - which would be very much the
> wrong thing - I think?

Yes indeed, don't use this one :P

> More generally, I don’t think you should ever whitelist domains that are
> requesting p=reject. If you’re going to comply with p=reject requests, comply
> with them from every source. That will, briefly, cause problems for mailing
> list operators, but only until they put the (fairly well understood) fixes
> for that in place. Ad-hoc whitelisting of IP addresses is a band-aid that
> won’t help much, and a horrible security hole, and a management nightmare.

Large mailbox providers know when mail comes from a mailing list, so whitelisting at large scale does not seem much of an issue.

For a small domain, like the one I suspect Andreas manages, knowing all the mailing lists his users are on should not be too much of a drag.

The middle ground is a bit more complicated.

I don't think it is much of a security hole if implemented as indicated in the ticket; little malware comes from mailing lists. Mailing lists are not usually a threat vector; list admins do their jobs well. But yes, this is ad-hoc and pragmatism helps here.
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
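
The difference between the two exemption styles named in the thread (keyed on the visible From: domain versus keyed on the connecting host), as an added example that is not part of the original messages and is not OpenDMARC code. It is a simplified model of the enforcement decision; the domain, the addresses (documentation ranges) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
LIST_SERVER_NETS = ["192.0.2.10/32"]    # connecting address of a known list server
EXEMPT_FROM_DOMAINS = {"bank.example"}  # a p=reject domain exempted by From: header

MESSAGES = [
    # (label, connecting client IP, From: header domain, DMARC result, policy)
    ("list relay of subscriber post", "192.0.2.10", "bank.example", "fail", "reject"),
    ("unrelated host, forged From:", "203.0.113.77", "bank.example", "fail", "reject"),
    ("direct authenticated mail", "198.51.100.5", "bank.example", "pass", "reject"),
]

def enforce(result, policy):
    """Disposition for a receiver that honours the published policy."""
    return "reject" if result == "fail" and policy == "reject" else "accept"

def by_from_domain(client_ip, from_domain, result, policy):
    """Exemption keyed on the visible From: domain."""
    if from_domain in EXEMPT_FROM_DOMAINS:
        # The sender controls this header, so the exemption applies to
        # every message that claims the domain, whoever delivered it.
        return "accept"
    return enforce(result, policy)

def by_client_host(client_ip, from_domain, result, policy):
    """Exemption keyed on the connecting host, which the receiver observes."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(net) for net in LIST_SERVER_NETS):
        return "accept"
    return enforce(result, policy)

def compare():
    """Map each sample message to (From:-keyed result, host-keyed result)."""
    return {label: (by_from_domain(*fields), by_client_host(*fields))
            for label, *fields in MESSAGES}

if __name__ == "__main__":
    for label, (from_keyed, host_keyed) in compare().items():
        print(f"{label:32} From:-keyed={from_keyed:7} host-keyed={host_keyed}")
```

Only the second message differs: the From:-keyed exemption accepts it, while the host-keyed exemption still applies p=reject. The host-keyed form still accepts anything the listed server relays, which is the residual exposure debated in the thread.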
