On Mon, Apr 07, 2014 at 11:38:05AM -0400, John R Levine wrote: > > It is a well known limitation of DMARC that there are some legitimate > sending practices that it does not and cannot describe. Mailing lists are > the leading example, but there are others like mail an article from a > newspaper's web site. If Yahoo can't get this right, we're all in > trouble.
The fault lies on both sides: Mail lists do two things that make life difficult: 1. Attaching trailing boilerplate to every message, which breaks the dkim signature, unless the poster's system puts the length attribute into the sig, which is frowned on (but I do it anyway). 2. Adding a tag to the subject line. There appears to be nothing that a sender can do to avoid this or keep the dkim sig valid. On the other hand, neither the DMARC spec nor implementations contemplate coping with mailing lists, which makes it all but impossible for DMARC ever to be used in practice to reject messages. On the third hand, it's not clear what DMARC could do to identify an email that legitimately passed through a list exploder, or even a forwarding alias. And, of course, anyone posting to a big email list triggers a DMARC report from every list member's system that supports DMARC. There is a certain irony in that both the dmarc-discussion and opendmarc lists break DMARC. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
