[Mailman-Users] Executive summary of DMARC issues

Stephen J. Turnbull stephen at xemacs.org
Fri May 16 11:49:35 CEST 2014


Gary Algier writes:

 > I ran some tests this morning.  I created an Exchange distribution list here 
 > and added myself five ways on the list:
 > 1. On our Exchange server (how I receive internal emails)
 > 2. On a local Linux server running sendmail and dovecot (how I receive "real 
 > mail")
 > 3. A Yahoo address.
 > 4. A Gmail address.
 > 5. An iCloud address.
 > 
 > I then sent an email to the list and to my work sendmail address.

Where did you send the mail from, what address was in "From", and what
host did the DKIM signing?  Does the domain listed in "From" have a
DMARC record?

 > The DKIM checks seem to be good.  So, it seems that nothing has
 > changed in the content or checked header.  It must be SPf.

It could be SPF, but if it is it has nothing to do with DMARC.  DMARC
accepts either SPF or DKIM as evidence of authenticity.  That is,
either may fail as long as at least one succeeds.

If it is indeed SPF, then it doesn't matter what you use.  The problem
is that the host where the distribution list or mailing list is hosted
is not SPF-authorized, and almost certainly not which MTA or MLM you
use.

I'm not sure if you care about DMARC, or just whether it gets
through.  But if the latter, I'm not at all clear on exactly what
you're trying to test.

 > % dig +short TXT _spf.mail.yahoo.com
 > "v=spf1 ptr:yahoo.com ptr:yahoo.net ip4:206.108.40.0/27 ip4:199.16.139.0/26 ?all"

This is mostly unrelated to Yahoo's behavior when receiving messages.

Amusingly enough, RFC 7208 deprecates the "ptr" mechanism strongly.



More information about the Mailman-Users mailing list