On 27.03.21 at 15:43, Hans-Martin Mosner via mailop wrote:

On 27.03.21 at 15:29, Hans-Martin Mosner via mailop wrote:

One problem with SPF/DKIM/DMARC is that due to non-malicious manipulation of messages (for example forwarding etc.) messages may look invalid at the receiving site.

I just noticed that the mails in this mailing list are such an example.
Apparently the mailing list system does not perform DMARC mitigation on mails, so the original sender's DKIM signatures become invalid. If you had a DMARC policy of "reject" and our mail system would strictly adhere to the policy, your mail would be rejected. Is that your (the sender's) will?
Yes, there are such cases but I don't think they apply for this list.

Yes - the list breaks DKIM (which is already something which should be avoided since I do not see a need to modify the body with a footer).
But SPF passes in general for mails from that list because the sender is @mailop.org (not many lists do it like this though). Because of the above SPF is even "aligned" and therefore DMARC passes that message.
What I'm missing nevertheless as another mitigation on that list is an ARC-Message-Signature and an ARC-Seal from the listserver.
While saying that I'm not decided if a DMARC reject must be totally respected. I actually would not set a reject policy myself but stick to quarantine. Wondering if one can assume that if someone goes the extra mile of DMARC he also understands the impact on a reject policy though.
Wolfgang
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
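The alignment point discussed in this message, as an added example that is not part of the original post: a small DMARC evaluator showing why a list that sends with its own domain in From: still passes via aligned SPF after breaking DKIM, while a list that keeps the author's From: fails and triggers the author's policy. Assumptions: the list rewrites the header From: to mailop.org (as the "via mailop" attribution suggests), the organizational domain is approximated by the last two labels instead of the Public Suffix List, and example.org and lists.example.net are placeholders.

```python
# Added illustration: DMARC disposition from SPF/DKIM results plus alignment.
# Simplification (assumption): organizational domain = last two labels;
# real evaluators use the Public Suffix List.

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact match)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_evaluate(msg, policy="reject", aspf="r", adkim="r"):
    """Return (result, disposition). DMARC passes if SPF or DKIM passes AND is aligned."""
    spf_ok = msg["spf"] == "pass" and aligned(msg["mail_from"], msg["header_from"], aspf)
    dkim_ok = any(res == "pass" and aligned(d, msg["header_from"], adkim)
                  for d, res in msg["dkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy

# Constructed sample messages; each "dkim" entry is (signing domain, verification result).
# 1) List rewrites From: to its own domain; the footer broke the author's DKIM signature.
LIST_REWRITES_FROM = {
    "header_from": "mailop.org", "mail_from": "mailop.org",
    "spf": "pass", "dkim": [("example.org", "fail")],
}
# 2) List keeps the author's From: but uses its own envelope sender.
LIST_KEEPS_FROM = {
    "header_from": "example.org", "mail_from": "lists.example.net",
    "spf": "pass", "dkim": [("example.org", "fail")],
}
# 3) Direct delivery from the author, nothing modified in transit.
DIRECT = {
    "header_from": "example.org", "mail_from": "bounce.example.org",
    "spf": "pass", "dkim": [("example.org", "pass")],
}

if __name__ == "__main__":
    for name, m in [("rewrites From", LIST_REWRITES_FROM),
                    ("keeps From", LIST_KEEPS_FROM), ("direct", DIRECT)]:
        print(name, dmarc_evaluate(m, policy="reject"))
```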
