[Mailman-Users] cause of bounces
gtaylor at tnetconsulting.net
Wed Oct 18 14:57:55 EDT 2017
On 10/18/2017 12:35 PM, Mark Sapiro wrote:
> DMARC is not the problem. It is perfectly reasonable for say, irs.gov to
> publish DMARC p=reject as long as mail From: irs.gov is not an
> employees personal post to an email list. Presumably the IRS would have
> rules against that.
> The problem is when general ESPs that provide addresses in their domain
> for anyone to use for any personal purpose publish DMARC p=reject.
I question what the fine line distinction will be for what domains can /
should use DMARC (or the next disrupting technology). Further, I
question why domains that don't qualify, should be excluded from using
I suspect that we should also agree to disagree on this.
> ARC has the potential to help. When say a yahoo.com user posts to a list
> on my server and the list sends the post to a hotmail.com user, ARC
> allows me to certify that Yahoo's DKIM signature was valid when I
> received the mail, then I broke the sig but resigned the mail with my
> domain's sig and sent it on to Hotmail. Now there is a chain by which
> Hotmail can verify my sig and the fact that I certify Yahoo's sig. The
> crux however is Hotmail has to trust me. Now if I'm GoogleGroups,
> Hotmail will probably trust me but if I'm mail.python.org there might be
> a mechanism by which I can ask Hotmail and every other ISP to trust me,
> but is that going to work in practice. I think that remains to be seen.
It sounds like you have the same concern / unknown that I do. What do I
need to do to get <someone> to trust my ARC signature. - Is ARC
overloading my published DKIM key without clearly stating that it's
using it? Or is there something else that I'm not aware of? Or is it
simply a white list, or trust list, type issue.
If it's the latter, I feel like ARC has a design flaw before it even
gets out of the gate. I hope that's not the case.
Grant. . . .
unix || die
More information about the Mailman-Users