On 01/22/2014 10:15 PM, Steve Atkins wrote:
On Jan 22, 2014, at 12:17 PM, Franck Martin <[email protected]> wrote:
On Jan 22, 2014, at 11:39 AM, Andreas Schulze <[email protected]> wrote:
Hello,
I think about starting to reject messages failing the DMARC test for domains
announcing p=reject.
I'm unsure about losing messages or auto-unsubscribing some people from lists
because
OpenDMARC has currently no ability to exclude known, list managers like this
server.
(as far as I know)
How do you handle this situation?
Opinions / Suggestions ?
Help by whitelisting all the mailing lists you are subscribed to, but do not
worry too much about the consequences this is a problem with the sender, not
the receiver.
from http://www.trusteddomain.org/opendmarc/opendmarc.conf.5.html
you can use:
IgnoreMailFrom
IgnoreHosts
tho the later is better me thinks.
IgnoreMailFrom is based on the visible From: - which would be very much the
wrong thing - I think?
More generally, I don’t think you should ever whitelist domains that are
requesting p=reject. If you’re going to comply with p=reject requests, comply
with them from every source. That will, briefly, cause problems for mailing
list operators, but only until they put the (fairly well understood) fixes for
that in place. Ad-hoc whitelisting of IP addresses is a band-aid that won’t
help much, and a horrible security hole, and a management nightmare.
In my view, the question in the Subject of this message, boils down to
the question: is it safe to assume that every sender c.q. owner of a
domain that is publishing a p=reject policy, has published this policy
with full consideration of the possible consequences of it? If the
answer to this question is 'yes', then there is no need to whitelist. If
the answer to this question is 'no', then there's still no need to
whitelist, as starting to maintain a whitelist means you as receiver are
busy solving the problems created by the sender.
/rolf
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
