On Oct 26, 2016, at 11:36 AM, Franck Martin <fmar...@linkedin.com<mailto:fmar...@linkedin.com>> wrote:
Couple of points... 1) https://github.com/linkedin/dmarc-msys/blob/master/dmarc.lua#L804<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_linkedin_dmarc-2Dmsys_blob_master_dmarc.lua-23L804&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=VZB3mxoaHOufiSM5PmcFdSC3X7QyR-UqbTVl9O2GXVI&m=muN8iCc9IrsFz5Xpe1BKqQYoYLfDoE09qlNlu578rB0&s=hDD4-nPPyBu_1mywET_mBGcElRBl6KNh6Zl5oYeShVM&e=> This is how we detect if the email is likely to be from a mailing list. I parse the logs from time to time, and put exceptions in our local policy. Awesome. I don't have a good place in our mail flow to put something like this, but it certainly seems like a feature request to my partners :) 2) very few lists discard DMARC protected emails on reception. So as long you don't post too often, you are not triggering the unsubscribe due to bounce function in mailman... It's not the list discarding DMARC, I accidentally enabled enforcement inbound, and bounced a bunch of mail from a Google employee through an IETF mailing list. It's whether the ultimate recipients reject the mail as to whether or not we'll get unsubscribed. 3) we tell our employees to use personnal email addresses for mailing lists... It makes sure they are not speaking on our behalf ;) For non-work related lists, this is fine and the way we'll likely go. For things that are directly work related this isn't a reasonable option for us. 4) GApps DKIM signs all the emails with <customerdomain>.gappssmtp.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__gappssmtp.com&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=VZB3mxoaHOufiSM5PmcFdSC3X7QyR-UqbTVl9O2GXVI&m=muN8iCc9IrsFz5Xpe1BKqQYoYLfDoE09qlNlu578rB0&s=_XoQC4NVb7n1WYwgSSXzArix4Yggz3vYMPInHGFa7R0&e=> until said customer DKIM signs with its own domain (because they want all emails to be authenticated). Yeah, but why are they showing up in _my_ DMARC reports? On Tue, Oct 25, 2016 at 1:14 PM, Payne, John via dmarc-discuss <dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org>> wrote: > On Sep 27, 2016, at 12:23 PM, Terry Zink via dmarc-discuss > <dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org>> wrote: > >> Somewhat related (to my earlier post) - are there any _enterprises_ on this >> list that have >> experience or are currently attempting to either go p=reject or enforce >> DMARC policies inbound? > > I just wrote one for Microsoft: > https://blogs.msdn.microsoft.com/tzink/2016/09/27/how-we-moved-microsoft-com-to-a-pquarantine-dmarc-record/<https://urldefense.proofpoint.com/v2/url?u=https-3A__blogs.msdn.microsoft.com_tzink_2016_09_27_how-2Dwe-2Dmoved-2Dmicrosoft-2Dcom-2Dto-2Da-2Dpquarantine-2Ddmarc-2Drecord_&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=VZB3mxoaHOufiSM5PmcFdSC3X7QyR-UqbTVl9O2GXVI&m=muN8iCc9IrsFz5Xpe1BKqQYoYLfDoE09qlNlu578rB0&s=MqBeSM06lR4ty4r8zNucKDlk3jvkh0Qah-SW1wTjMZM&e=> This is the blog post I wanted to write :) I'm just behind on getting to p=quarantine. There are 2 things slowing me down: 1. As I just replied to Franck - enforcing inbound (which is my primary goal) - I need to handle mailing lists (and I don't want to wait for ARC adoption). So I have to figure out all the mailing lists my users are posting to so I can whitelist those IPs coming back unless anyone wants to share a list? :) 2. Google seems to report itself as a DMARC failing sender for unrelated domains to me. This really started in earnest in March, but I'm getting 40k-60k what seem like unrelated reports a day, for example: Domain MAIL FROM DKIM domain SPF Auth DKIM Auth Total akamai.com<http://akamai.com> oppa.com.br<https://urldefense.proofpoint.com/v2/url?u=http-3A__oppa.com.br&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=VZB3mxoaHOufiSM5PmcFdSC3X7QyR-UqbTVl9O2GXVI&m=muN8iCc9IrsFz5Xpe1BKqQYoYLfDoE09qlNlu578rB0&s=rtlqCpIg6ZivlkZLSgiF1miH_AHJoPh4RFuE_99I4oo&e=> oppa-com-br.20150623.gappssmtp.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__oppa-2Dcom-2Dbr.20150623.gappssmtp.com&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=VZB3mxoaHOufiSM5PmcFdSC3X7QyR-UqbTVl9O2GXVI&m=muN8iCc9IrsFz5Xpe1BKqQYoYLfDoE09qlNlu578rB0&s=2WRrk-QbD3c6SGDsxBoU0dJ8hH4NobkdIQA5HLv8lqc&e=> Pass Pass 237 So that's killing my confidence on publishing p=quarantine (I can fake one inbound). Are others seeing this, or am I a special snowflake? Thanks John _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> http://www.dmarc.org/mailman/listinfo/dmarc-discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.dmarc.org_mailman_listinfo_dmarc-2Ddiscuss&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=VZB3mxoaHOufiSM5PmcFdSC3X7QyR-UqbTVl9O2GXVI&m=muN8iCc9IrsFz5Xpe1BKqQYoYLfDoE09qlNlu578rB0&s=r8XbSCPWM75VrQ3AsZUbuvH8leM1jFKDwccNhdV81ss&e=> NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.dmarc.org_note-5Fwell.html&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=VZB3mxoaHOufiSM5PmcFdSC3X7QyR-UqbTVl9O2GXVI&m=muN8iCc9IrsFz5Xpe1BKqQYoYLfDoE09qlNlu578rB0&s=G2XG3VDNvahE8SqRDtPNIHFc3WGIAbnFMIEp12uBD3g&e=>)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
