Re: NANOG List posts and DMARC
On 8/2/22 8:46 PM, Chris Adams via NANOG wrote: > Once upon a time, Bryan Fields said: >> The list is configured to wrap anyone posting from a domain with a with a >> DMARC Reject/Quarantine Policy (dmarc_moderation_action). If you don't have >> this set on your domain, the list will not wrap your message (which is the >> correct behavior as it breaks other things). > That is not the case right now; it appears to be modifying ALL senders > since earlier today (about 12:20pm CDT) . Your message has "From: Bryan > Fields via NANOG " even though you have no DMARC record > at all. Yes, I'm trying to get to the bottom of what if anything happened with the admin team. This is really broken at this point as munging from breaks DKIM signing if present in the original email. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net signature.asc Description: OpenPGP digital signature
Re: NANOG List posts and DMARC
Once upon a time, Bryan Fields said: > The list is configured to wrap anyone posting from a domain with a with a > DMARC Reject/Quarantine Policy (dmarc_moderation_action). If you don't have > this set on your domain, the list will not wrap your message (which is the > correct behavior as it breaks other things). That is not the case right now; it appears to be modifying ALL senders since earlier today (about 12:20pm CDT) . Your message has "From: Bryan Fields via NANOG " even though you have no DMARC record at all. -- Chris Adams
Re: NANOG List posts and DMARC
On 8/2/22 1:16 PM, Jared Mauch wrote: > Can someone flip the option in Mailman for DMARC please, it’s problematic as > if one posts and does DMARC and has feedback on, our messages are possibly > rejected, and the feedback from a post is quite large. > > Not sure who manages it anymore these days. You can reach the admin at adm...@nanog.org. The nanog-ow...@nanog.org goes there too, so there's practically no reason to go on list with such things. The list is configured to wrap anyone posting from a domain with a with a DMARC Reject/Quarantine Policy (dmarc_moderation_action). If you don't have this set on your domain, the list will not wrap your message (which is the correct behavior as it breaks other things). Hit up the admin team and we'll look at it. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net signature.asc Description: OpenPGP digital signature
Re: NANOG List posts and DMARC
It appears that Jared Mauch said: >Can someone flip the option in Mailman for DMARC please, it’s problematic as >if one posts and does DMARC and has feedback on, our >messages are possibly rejected, and the feedback from a post is quite large. I checked with Jared and he seems to misunderstand the meaning of the DMARC failure reports he is getting. (I get them too, lots of them, and file and ignore them.) They do not indicate any sort of delivery problem. Please do *not* change the DMARC settings for p=none since it degrades the list mail and makes it much harder to tell who is sending each message and who to reply to. R's, John
Re: NANOG List posts and DMARC
> On Aug 2, 2022, at 4:31 PM, John Levine via NANOG wrote: > > It appears that Michael Thomas via NANOG said: >> >> On 8/2/22 12:30 PM, Jim Popovitch via NANOG wrote: >>> It's been doing it for ages for p=reject, but not p=none (the latter >>> being Jared's situation) > > I don't understand Jared's concern. His DMARC policy, like mine, is p=none > which tells receivers to do nothing DMARC-y with our messages. I don't get > any sort of blowback from nanog posts that I can recall seeing. > >> I'm sort of surprised that an org would have p=reject when its users use >> outside mailing lists. > > Unfortunately, we lost that battle a long time ago. It's "more secure" and > "best practice" so go away. Much like inline replies v top-posting and etc.. I did manage to get someone to flip the setting so hopefully I’m not getting a lot of bounce back from this e-mail. Thanks to the kind soul who flipped the setting. - jared
Re: NANOG List posts and DMARC
It appears that Michael Thomas via NANOG said: > >On 8/2/22 12:30 PM, Jim Popovitch via NANOG wrote: >> It's been doing it for ages for p=reject, but not p=none (the latter >> being Jared's situation) I don't understand Jared's concern. His DMARC policy, like mine, is p=none which tells receivers to do nothing DMARC-y with our messages. I don't get any sort of blowback from nanog posts that I can recall seeing. >I'm sort of surprised that an org would have p=reject when its users use >outside mailing lists. Unfortunately, we lost that battle a long time ago. It's "more secure" and "best practice" so go away. R's, John
Re: NANOG List posts and DMARC
On 8/2/22 12:30 PM, Jim Popovitch via NANOG wrote: On Tue, 2022-08-02 at 11:24 -0700, Michael Thomas via NANOG wrote: On 8/2/22 11:18 AM, Chris Adams via NANOG wrote: Once upon a time, Chris Adams said: Once upon a time, Jared Mauch said: Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large. The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject. Oh, or someone just changed the config per your request. :) I have p=none but my From got rewritten on this message. I think it's been doing this for ages. It was the first time I'd seen From rewriting in the wild iirc. It's been doing it for ages for p=reject, but not p=none (the latter being Jared's situation) There are toggles in MM2 to do DMARC address rewriting for p=none and p=quarantine in addition to p=reject. I'm sort of surprised that an org would have p=reject when its users use outside mailing lists. Most mailing lists probably don't even have From rewriting or the mailing list operator is clueless about the problem. (think: non-technical mailing lists). Mike
Re: NANOG List posts and DMARC
On Tue, 2022-08-02 at 11:24 -0700, Michael Thomas via NANOG wrote: > On 8/2/22 11:18 AM, Chris Adams via NANOG wrote: > > Once upon a time, Chris Adams said: > > > Once upon a time, Jared Mauch said: > > > > Can someone flip the option in Mailman for DMARC please, it’s > > > > problematic as if one posts and does DMARC and has feedback on, our > > > > messages are possibly rejected, and the feedback from a post is quite > > > > large. > > > The list is doing the DMARC handling (From rewrite) for senders with a > > > DMARC p=reject. > > Oh, or someone just changed the config per your request. :) I have > > p=none but my From got rewritten on this message. > > I think it's been doing this for ages. It was the first time I'd seen > From rewriting in the wild iirc. It's been doing it for ages for p=reject, but not p=none (the latter being Jared's situation) There are toggles in MM2 to do DMARC address rewriting for p=none and p=quarantine in addition to p=reject. -Jim P.
Re: NANOG List posts and DMARC
On 8/2/22 11:18 AM, Chris Adams via NANOG wrote: Once upon a time, Chris Adams said: Once upon a time, Jared Mauch said: Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large. The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject. Oh, or someone just changed the config per your request. :) I have p=none but my From got rewritten on this message. I think it's been doing this for ages. It was the first time I'd seen From rewriting in the wild iirc. I'm not understanding what problem Jared is talking about. Mike
Re: NANOG List posts and DMARC
Once upon a time, Chris Adams said: > Once upon a time, Jared Mauch said: > > Can someone flip the option in Mailman for DMARC please, it’s problematic > > as if one posts and does DMARC and has feedback on, our messages are > > possibly rejected, and the feedback from a post is quite large. > > The list is doing the DMARC handling (From rewrite) for senders with a > DMARC p=reject. Oh, or someone just changed the config per your request. :) I have p=none but my From got rewritten on this message. -- Chris Adams
Re: NANOG List posts and DMARC
Once upon a time, Jared Mauch said: > Can someone flip the option in Mailman for DMARC please, it’s problematic as > if one posts and does DMARC and has feedback on, our messages are possibly > rejected, and the feedback from a post is quite large. The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject. -- Chris Adams