On 2018-04-09 11:09:37 (-0500), Jesse Thompson wrote:
The amount of DMARC data for a large decentralized university is
daunting, so my approach is to compartmentalize issues that can be
Thank you for collecting and analysing this data!
Even on a much smaller scale than yours, DMARC is at least "daunting".
Write-ups of real-world experiences on non-trivial setups are very
Looking at the data for the second-level domain, I see 322 obvious
forwarding/list services that break DKIM signatures. There are
tens-of-thousands of servers sending indirect mail flow, but it's
mostly mailbox hosters autoforwarding mail for users (with, I'm sure, a
lot of distribution lists mixed in to that flow) but I will focus on
that problem later.
When you say "obvious": do you have a rough idea of how many of these
322 are 'managed' mailing lists (e.g. mailman or similar) and how many
are dumb forwarders like alias expansions?
So, of the 322 obvious list services. How many of them do I need to
reach out to convince them to upgrade their lists to rewrite in a DMARC
compliant fashion? I was hoping that there was a way to trigger a
subset of that 322 so that:
1) I know how many of them are "dormant" DMARC compatible. Check them
off the list and move on to the problematic list servers.
If you can identify lists managed by mailman, you could try to poke
their web frontends to check the version. You'll still need to convince
the people running them to do the DMARC munging though.
Several mailing lists will also simply reject mail from DMARC domains.
There is probably nothing you can do about that.
I'm looking for ways to start tackling these issues, get the attention
of a hundred thousand people to convince them to stop squatting on the
second-level domain, all without knowingly triggering their mail to be
treated as spam.
I am very interested in seeing how this works out. Do share your
experiences with this list!
Senior Reality Engineer
Ministry of Information
mailop mailing list