[Mailman-Users] Executive summary of DMARC issues

mail.ulticom.com gaa at ulticom.com
Fri May 16 16:13:53 CEST 2014

> On May 16, 2014, at 5:49, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> Gary Algier writes:
>> I ran some tests this morning.  I created an Exchange distribution list here 
>> and added myself five ways on the list:
>> 1. On our Exchange server (how I receive internal emails)
>> 2. On a local Linux server running sendmail and dovecot (how I receive "real 
>> mail")
>> 3. A Yahoo address.
>> 4. A Gmail address.
>> 5. An iCloud address.
>> I then sent an email to the list and to my work sendmail address.
> Where did you send the mail from, what address was in "From", and what
> host did the DKIM signing?  Does the domain listed in "From" have a
> DMARC record?
Sorry, I forgot to mention that I sent from yahoo for these tests. The From: header said XXXX at yahoo.com.

>> The DKIM checks seem to be good.  So, it seems that nothing has
>> changed in the content or checked header.  It must be SPf.
> It could be SPF, but if it is it has nothing to do with DMARC.  DMARC
> accepts either SPF or DKIM as evidence of authenticity.  That is,
> either may fail as long as at least one succeeds.
> If it is indeed SPF, then it doesn't matter what you use.  The problem
> is that the host where the distribution list or mailing list is hosted
> is not SPF-authorized, and almost certainly not which MTA or MLM you
> use.
> I'm not sure if you care about DMARC, or just whether it gets
> through.  But if the latter, I'm not at all clear on exactly what
> you're trying to test.
My management wants to replace our in-house email with an Exchange Online (aka MS365) solution. Several high priced consultants have told them that Exchange can do it all.  I am trying to prove otherwise.

Actually to be fare, two consulting firms have said:
1. Exchange can't do what Mailman can. 
2. MS365 can't work with Mailman.
3. MS365 will cost more, don't do it.
They are being ignored because they did not supply the answers wanted.

>> % dig +short TXT _spf.mail.yahoo.com
>> "v=spf1 ptr:yahoo.com ptr:yahoo.net ip4: ip4: ?all"
> This is mostly unrelated to Yahoo's behavior when receiving messages.
> Amusingly enough, RFC 7208 deprecates the "ptr" mechanism strongly.

More information about the Mailman-Users mailing list