On April 8, 2014 7:28:53 PM EDT, Matt Simerson <[email protected]> wrote: > >On Apr 8, 2014, at 4:11 PM, Scott Kitterman <[email protected]> >wrote: > >> On April 8, 2014 6:50:29 PM EDT, Dave Crocker <[email protected]> >wrote: >>> On 4/8/2014 11:58 AM, Murray Kucherawy wrote: >>>> On 4/8/14 7:23 AM, "Dave Crocker" <[email protected]> wrote: >>>>> On the other hand, this has the classic problem of requiring >mailing >>>>> lists to change. That is, this approach does not help anyone >currently >>>>> and won't help much for a very long time, if ever. >>>> You're right that this is a paradigm change. Just to clarify, are >you >>>> saying those should be off the table outright, or merely that the >>>> community really really needs to understand the implications? >>> >>> The reticence of the broader mailing list community to participate >in >>> coordinated, incremental standards efforts does not encourage one to >>> try to reduce the trauma, but the damage done to end users should. >> >> Okay. I'll bite. >> >> For what I think of as a normal mailing list that uses its own mail >from and does DKIM signature breaking things like modifying the subject >line or adding a footer to the message with unsubscribe or list archive >information, what's the canonical solution to interoperating in a DMARC > with p=reject enabled world and where is it documented? > >http://dmarc.org/faq.html#s_3 > >And I quote: > >I operate a mailing list and I want to interoperate with DMARC, what >should I do? > DMARC introduces the concept of aligned identifiers. It means the >domain in the from header must match the d= in the DKIM signature and >the domain in the mail from envelope. >You have a few solutions: > > • operate as a strict forwarder, where the message is not changed and >the validity of the DKIM signature is preserved > • introduce an "Original Authentication Results" header to indicate >you have performed the authentication and you are validating it > • take ownership of the email, by removing the DKIM signature and >putting your own as well as changing the from header in the email to >contain an email address within your mailing list domain.
In other words: don't be a mailing list. Scott K _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
