On Wed 2015-08-05 17:04:30 -0400, Jonas Maebe wrote: > On 05/08/15 23:00, mancha wrote: >> OpenSSL is certainly not alone in its practice of mangling headers >> and adding body footers so I'd be curious to hear how other lists >> handle domains such as yahoo.com. > > We warn people that DKIM-using domains may experience bounces, and > that they should subscribe using a different email address to our > lists. Yahoo/AOL switching it on before the probably most used mailing > list manager could handle it certainly did not help in creating > goodwill. Even now the mailman version included in our distribution > still can't handle it, and manually installing and maintaining a > different one is not something we care to do.
fwiw, the intersection between dkim/dmarc and mailman policy affects even people who don't have dkim/dmarc enabled for their domains. mailman effectively puts subscribers on hold if some threshold number of mails sent to them bounce. if a subscriber's mail exchanger respects dkim/dmarc reject policy, even if they do not set it for their own domain, then all messages sent through mailman from a "dmarc reject" domain will bounce for that subscriber. So if Alice from yahoo.com (which has "dmarc reject") sends mail through mailman, which sends it to Bob from example.com (which doesn't have "dmarc reject" set, but respects it from other domains), Bob's mail exchanger will bounce the message. If Alice sends enough mail through mailman, mailman will rack up one bounce from Bob per message, and mailman will eventually unsubscribe Bob as a result. afaict, mailman 2.1.9 or rejecting all mail from domains with "dmarc reject" are the only sane paths through this thicket. bleah. --dkg _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev