On Friday, January 24, 2014 4:46 PM [GMT+1=CET], John Levine wrote: > > > 1. the listserver implement none of http://dmarc.org/faq.html#s_3 > > None of the current advice is useful for people who don't want to > screw up useful features of their lists. (The "OAR" header is > harmless, > but doesn't fix the innocent victim bouncing off the list problem.) > > Please add this bullet above the first one: > > * Check DMARC on incoming mail, and refuse mail to the list from > domains that have a p=reject or p=quarantine policy. > > I have actually implemented this on my running lists.
And what about this additional bullet in that section of the FAQ: * Check plain-SPF before checking DMARC, and if SPF-result is pass then skip DMARC processing. For example, messages coming from this mailing list ( [email protected] ) do pass a plain-SPF check because the sending IP address ( 208.69.40.157 ) is allowed for the domain of the MAIL-FROM address ( [email protected] ) in its SPF record in DNS. So if you would do an old-style SPF check before the DMARC check, and the result is pass, then you could skip the DMARC processing altogether and no mailing list problem would arise. Ain't it so? After all, DKIM itself does not state policy, but SPF itself is indeed capable of stating policy... Regards, J. Gomez. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
