On 2018-04-09 11:09:37 (-0500), Jesse Thompson wrote:
The amount of DMARC data for a large decentralized university is daunting, so my approach is to compartmentalize issues that can be addressed.

Thank you for collecting and analysing this data!

Even on a much smaller scale than yours, DMARC is at least "daunting". Write-ups of real-world experiences on non-trivial setups are very helpful.

Looking at the data for the second-level domain, I see 322 obvious forwarding/list services that break DKIM signatures. There are tens-of-thousands of servers sending indirect mail flow, but it's mostly mailbox hosters autoforwarding mail for users (with, I'm sure, a lot of distribution lists mixed in to that flow) but I will focus on that problem later.

When you say "obvious": do you have a rough idea of how many of these 322 are 'managed' mailing lists (e.g. mailman or similar) and how many are dumb forwarders like alias expansions?

So, of the 322 obvious list services. How many of them do I need to reach out to convince them to upgrade their lists to rewrite in a DMARC compliant fashion? I was hoping that there was a way to trigger a subset of that 322 so that:

1) I know how many of them are "dormant" DMARC compatible. Check them off the list and move on to the problematic list servers.

If you can identify lists managed by mailman, you could try to poke their web frontends to check the version. You'll still need to convince the people running them to do the DMARC munging though.

Several mailing lists will also simply reject mail from DMARC domains. There is probably nothing you can do about that.

I'm looking for ways to start tackling these issues, get the attention of a hundred thousand people to convince them to stop squatting on the second-level domain, all without knowingly triggering their mail to be treated as spam.

I am very interested in seeing how this works out. Do share your experiences with this list!

Many thanks.

Philip Paeps
Senior Reality Engineer
Ministry of Information

mailop mailing list

Reply via email to