On Thu, Feb 04, 2016 at 10:17:45AM -0300, Raphaël wrote: > Just got this reply from Laposte (going slightly off-topic for offlineimap) : > > > Bonjour > > Nous vous remercions pour votre conseil et allons étudier cette question > > attentivement. > > Nous étudions également le projet Authenticated Received Chain (ARC) > > Référence : https://tools.ietf.org/html/draft-andersen-arc-00 > == > > hi, thanks, we'll have a look at this. > > We're also studying ARC: https://tools.ietf.org/html/draft-andersen-arc-00
Ok. You're more lucky than me. I've followed the procedure online by filling their web form. Still had no response. I expect to have a response. I didn't know ARC but AFAICT, this is not the point. From my quick overview, I can't find how this can help. Thanks to let me know. ,-) > still about DMARC > A receiving email server implementing DMARC is not given other choice > than respecting the originating server DKIM policy. > > That's the point of DMARC. > Here, google respects a (somehow partial) RFC that laposte.net > implements too strictly/blindly. > > Accepting that a user could override DKIM decision is like disabling > part of the DKIM-spec marking "From:" unvalidated (and permitting an > attacker could tamper with the From: header, or at least this value of > From: header). Yes, that's exactly my point. IMHO, DMARC get things wrong by not allowing users to configure what they want. AFAIK, Google is one of the leaders of DMARC. > Also possible, it's probably not something most DKIM implementations > permit out-of-the-box (since is far, if not contrary, to the > specifications). Yes, that's true. I think no provider allow tuning of DKIM policies. > All of that does not explain SPAM issues of laposte.net for individual > email that are frequently experimented (blacklisting sometimes happened > too), but nowadays email headers are quite verbose. Plain true. However, I can see a significant difference between laposte.net and Gmail: while laposte.net has far less ressources, they are responding in few days while the leader compagny did not answered about this same issue for years, and still doesn't have. If they think they are not responsible, they should explain their POV to the users. I do think that leaders should be more concerned about users issues and how to improve things. In fact, what we can see is the opposite. They decide by themselves what's good for the users without taking their account into consideration. (Sadly, Google is not an exception and this tend to be true for all the leading compagnies.) Technically speaking, you're plain true: laposte.net probably has a real responsability in this issue. At least, that's what I'm seeing, too. I don't want to blindly ignore your point. DKIM must be correctly set on the sender side. Otherwise, this can't work fine. OTOH, we can't get a full understanding on what's hapenning while ignoring the context. Leaders decide what's the next technology to use, how to implement it and how to use it. In this case, DMARC is failing. The sender/receiver my have things broken. This could happen to anybody. Having to wait for an answer of a compagny without being able to tune the filters of the mail provider is where things really hurt. -- Nicolas Sebrecht _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
