Mailing list questions (DMARC, ARC, more?)
Alessandro Vesely
vesely at tana.it
Thu Sep 1 10:07:02 UTC 2022
On Mon 29/Aug/2022 12:09:10 +0200 Matus UHLAR - fantomas wrote:
> On 25.08.22 18:10, Alessandro Vesely wrote:
>>
>> The lack of interest by others proves that From: munging is not so much of a
>> nuisance as they say...
>
> This will come sooner or later, however:
>
> earlier this year I've done small dmarc research for our client:
>
> - microsoft software (on-premise exchange and 365) does not DKIM-sign DSN
> e-mail (delivery and non-delivery notifications) although those have sending
> domain in From: (I guess domain is added after sig generated)
So do I, relying on SPF for DNSs.
> - only a few % of domains has other DMARC policy than none
> - mailman 2 (used here) only munges From: when domain DMARC policy for the
> sending domain is other than none.
Which is insecure. While I keep p=none, anyone can post a spoof using my email
address as From: and pretend to be me. It never happens, but some people
believe it /cannot/ happen.
>>>> I see the list operates both From: munging and ARC sealing. While I'm
>>>> clear about the former, I'm curious about how ARC works:
>>>>
>>>> Do any subscribers trust the seal by isc.org?
>
> I guess most of recipients use predefined configurations, e.g. no whitelisting.
>
> out of curiousity, I set my opendmarc.conf:
>
> DomainWhitelist lists.isc.org
>
> so we'll see next time mail comes.
Please tell us.
Mailman should know about your setting in order to skip From: munging in the
copies sent to you. Currently, the copies sent to pipermail for archiving seem
to be non-munged, so this functionality exists.
Best
Ale
--
More information about the bind-users
mailing list