[Mailman-Users] DMARC and Gmail

Barry Warsaw barry at list.org
Wed Apr 16 22:25:51 CEST 2014

On Apr 17, 2014, at 04:34 AM, Stephen J. Turnbull wrote:

>Sure, but that's the tradeoff that DMARC explicitly makes.  DMARC
>thinks that rejecting spam and phishing is sometimes more important
>than delivering legitimate mail, and that the provider of a mailbox is
>the appropriate entity to make that decision.

Of course, it really doesn't help with phishing because with a slight tweak of
the domain (or even a similar enough non-ascii domain), you can still put
phishing links in the body and I'll bet you'll still fool most people who
would be tricked anyway.

>It's not limited to mailing lists, either.  Anybody who has a
>forwarding mailbox is at some risk (in a personal .forward this is a
>simple pass-through preserving the DKIM signature so it should be OK,

Yeah that sucks too.  I sure hope none of the FLOSS projects I work on never
publish a DMARC reject.


More information about the Mailman-Users mailing list