Benny,
I would remind you that the Note Well terms linked at the bottom of each
message include "you agree to participate in a ... cordial manner". I would
suggest that your conduct has slipped a little below that standard[1], and that
it might be helpful and productive to take a different tack.
Your quoted example doesn't make sense to me, it shows a DMARC pass
("Authentication-Results: linode.junc.eu; dmarc=pass header.from=dmarc.org").
What's your concern?
Receivers are free to require DNSSEC if they wish of course, however (a) making
this mandatory in the standard would not make DMARC materially better at
solving the problem that it's designed to solve, and (b) it would eliminate a
very large fraction of DMARC's ability to block fraudulent email. Consequently,
it would not be a useful change to the specification.
The same reasoning applies to requiring that all DKIM signatures pass in order
to yield a DMARC pass.
Blacklisting a DKIM signer is an option open to receivers, yes, but receiver
policy choices are by definition not part of the DMARC specification.
Your concerns about email client limitations are widely appreciated, but are
out of scope for this list in that we're not in a position to fix them.
- Roland
1:
- "wake up admins" is clearly not cordial
- "i am also unimpressed of that dmarc can pass with no dnssec, badly designed"
likewise (other members of the group do not exist to impress you)
- "bad designed on thiese maillist" could only be regarded as cordial if it
were a step in an argument linking agreed criteria to a better implementation,
however the situation in this case is that you happen not to agree with the
criteria that the list administrator is pursuing, but apparently want to
acknowledge this, meaning that your choice of terms is pejorative and not at
cordial
From: dmarc-discuss <[email protected]> on behalf of Benny
Pedersen via dmarc-discuss <[email protected]>
Sent: Wednesday, 5 October 2016 02:27
To: Elizabeth Zwicky
Cc: [email protected]
Subject: Re: [dmarc-discuss] dmarc.org breaks dkim & dmarc
On 2016-10-04 19:41, Elizabeth Zwicky wrote:
> The DMARC on the mailing list passes when it reaches me -- it appears
> that something in the path between you and dmarc.org is the problem
> with breaking the DKIM signature.
correct, did i get a problem on postfix maillist ?
> Since it's dmarc.org's DKIM signature, it's put on after all the
> mailing list handling, so I'm not sure why anybody thinks mailing list
> handling is involved?
dmarc.org have choiced to take over ownerships, and now its there
problem
thats why you see dmarc still pass, but its not the originating domain
sender
what will happend if opendmarc skips last signer if multiple signed ?,
imho opendmarc should really be more dnssec strict, and make all dkim
keys pass before it does dmarc pass, my msgs do pass on dmarc.org
mailserveres, but since thay fix some unknown problem with mailman it
will not give dkim pass on return, and hell broke out with it :(
as it is now we all loose on it :/
createing arc as another problem to solve does imho not make dkim more
unstable or better, there was nothing to fix really, sadly
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
