To start with, you'll have to explain why receivers should trust a sender to not lie about where they got the mail from in an ARC header field if they don't already trust the sender.
Scott K On Sunday, February 07, 2016 11:14:12 AM Franck Martin via dmarc-discuss wrote: > ARC will help, but there are many mailing lists that don't have DKIM or > even SPF. So even if ARC is available tomorrow, it may take years before > mailing lists adopt any solution. So someone will have to make a stand, to > get operators to deploy something. > > On Sun, Feb 7, 2016 at 10:10 AM, Al Iverson via dmarc-discuss < > > [email protected]> wrote: > > The mailing list question can be a bit tricky. Yeah, the DKIM > > signature is supposed to transport just fine, unless your MLM rewrites > > any header or content that breaks the signature. And when you deal > > with that, eventually you're going to run into list subscribers whose > > posts get rejected by some other subscribers, due to the poster's > > domain having a P=reject DMARC policy. > > > > I would say there's not a clear consensus on how best to handle > > mailing lists in a DKIM+DMARC world. A bunch of email folks are > > working on a standard called Authenticated Received Chain (ARC) that > > would in theory help to address issues with mailing lists. (See > > http://arc-spec.org/ ). But, we're a ways from being able to call that > > a solution. > > > > I'm a mailing list operator myself, at probably about the same level > > you are. (Instead of Mailman, I run a custom MLM that I wrote myself, > > mostly as a programming exercise.) What I have chosen to do is strip > > an existing DKIM signature, rewrite the from address if it appears to > > be a domain that has a restrictive DMARC policy, and then sign it with > > DKIM as the list domain. This works well for me, but not everybody > > agrees that it's the best path. I'm not the only one to have done > > something similar; Yahoo Groups, Google Groups Mail-list.com and > > OnlineGroups.net all send as the group instead of as the poster either > > all the time or as needed; and mailman can be configured similarly. > > > > Here's a link to an overview of the various issues in play for mailing > > lists, and info on what I and others have chosen to do to address it. > > http://www.spamresource.com/2015/02/dmarc-mailing-lists-roundup.html > > > > Here's where to go to learn more about what you can do with Mailman: > > http://wiki.list.org/DEV/DMARC > > > > Note: There will probably be at least one really angry reply to this > > post telling me how horrible this is and that I broke mailing lists. > > It'll be a rehash of an argument from more than a year ago. Truth be > > told, somebody else broke mailing lists; this is just how I personally > > decided to implement a fix that seems to work well for me. YMMV. > > > > Regards, > > Al Iverson > > > > -- > > Al Iverson - Minneapolis - (312) 275-0130 > > Simple DNS Tools since 2008: xnnd.com > > www.spamresource.com & aliverson.com > > _______________________________________________ > > dmarc-discuss mailing list > > [email protected] > > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > > > NOTE: Participating in this list means you agree to the DMARC Note Well > > terms (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
