On Feb 28, 2014, at 1:02 AM, Murray S. Kucherawy <[email protected]> wrote:
> On Thu, Feb 27, 2014 at 11:22 AM, Matt Simerson <[email protected]> > wrote: > > Matt's message, as evaluated by Gmail, failed alignment, and was > > consequently marked as spam. > > Thanks to DMARC reports, the sender is quite aware. Of course I'd prefer that > this list didn't invalidate my DKIM signatures. I'd also prefer that Google's > SPF recognized that this list server is SPF permitted for @tnpi.net. But > that's outside my ability to influence. > > Have you reported that to Google? Surely I have, and you likely have too, dozens of times over months and months, using this cool new email technology called DMARC. ;-) I may have done so again by pointing out the issue on this list. But no, I didn't ever raise the issue with Google because back when I first noticed it I still: a) wanted to fully understand the consequences of posting to lists with p=reject b) having recipients on this list that validate SPF differently provides useful information c) I haven't done enough debugging to determine exactly why it fails d) Quite a few @gmail recipients on this list are conditioned to check their Junk folders, so end up getting the messages anyway For everyone besides Murray, the most serious consequence of posting to lists from a domain with p=reject is upsetting the list administrator. That's why when I remember, I post here from my @gmail address. When I forget, I get DMARC reminders. :-) >> $ spfquery --mfrom [email protected] --ip-address=`dig medusa.blackops.org >> +short` >> pass >> Received-SPF: pass (tnpi.net: Sender is authorized to use '[email protected]' in >> 'mfrom' identity (mechanism 'include:lists._spf.tnpi.net' matched)) >> receiver=rmbp.local; identity=mailfrom; envelope-from="[email protected]"; >> client-ip=208.69.40.157 >> >> Until we have a solution that lets DMARC mail securely transit email lists, >> our two legged DMARC table will wobble. > > 2) Since the ADSP days, the advice has been to have a separate domain or > subdomain for users versus transactional mail; the latter would be > DMARC-protected, while the former would not. I understand the inconvenience > this causes for the users, but I would also note that some large Internet > properties (Facebook, Google, PayPal and Yahoo off the top of my head) have > gone this route and they survived somehow. I, and others, have not gone that route and yet we too have survived. There are consequences to both approaches. Matt _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
