[Mailman-Users] DMARC and gmail
Mark Sapiro
mark at msapiro.net
Wed Jul 19 11:05:42 EDT 2017
On 07/19/2017 06:13 AM, Kevin Nowaczyk via Mailman-Users wrote:
> ... dmarc_none_moderation_action is No. ...
> After changing to "Munge From" it still has a DMARC fail. What are the differences that I should be seeing after changing the dmarc_moderation_action? Here is an authentication header of a message from a gmail user to a gmail user.
gmail.com publishes DMARC p=none
_dmarc.gmail.com. 399 IN TXT "v=DMARC1; p=none;
rua=mailto:mailauth-reports at google.com"
Thus, you will see no differences in mail From: gmail.com unless you
also set dmarc_none_moderation_action to Yes. (Note that this setting is
not really recommended and is not available in Mailman 3's DMARC
mitigations.)
The underlying issue may be (speculating here) that Gmail doesn't like
mail From: gmail.com with broken gmail.com DKIM signatures. If so, this
is contrary to the recommendation of the DKIM standard RFC 6376. Section
6.3 of that RFC says in part:
If the email cannot be verified, then it SHOULD be treated the same
as all unverified email, regardless of whether or not it looks like
it was signed.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list