[Mailman-Developers] MM3 DMARC mitigations
Mark Sapiro
mark at msapiro.net
Sat Nov 5 12:06:37 EDT 2016
On 10/31/2016 03:08 PM, Eric Searcy wrote:
>
> That reminds me. I have a proposed idea for another nice-to-have, that
> I'm mentioning now in case it has any impact on the architecture you are
> describing. Some email systems (e.g. Exchange) do not accept any
> inbound email crossing their edge that uses their own From domain. It's
> like a tiny microcosm of DMARC but only for their domain, and there is
> no way for the outside world to know about their policy. However, when
> a member of the community says they get all list messages *except those
> from their colleagues*, it's clear they have this kind of setup. It
> would be great to have a customizable-by-sender-domain munge-or-wrap
> filter that let me add other domains to get the same treatment as
> domains that don't publish DMARC -- even if not needed for general
> receipt of their messages, so that emails to others at the same domain
> on the list can be received. (This functionality doesn't exist in mm2
> either.)
Adding Mailman-Developers to the recipients.
As I noted in the original thread, this would not be difficult to add,
but it won't be in the initial implementation of DMARC mitigations for
MM 3 (see <https://gitlab.com/mailman/mailman/merge_requests/215> for
more on that).
However, I've just become aware that Microsoft has implemented another
"feature". So far, the info I have is this is limited to their "hosted
mail services", but it may well spread. What they are doing is looking
at incoming mail for signs of spoofing/phishing and if found, they place
a prominent notice
This sender failed our fraud detection checks and may not be who they
appear to be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>
in the message. The issue for us is that one of the tests is the To: and
From: addresses are the same. That means that any message To: a list
with DMARC mitigations applied will be sent From: the list and any
recipients using these Microsoft services will see that warning in the
list message[1].
How long will it be before this spreads to all Microsoft email services
<sigh>?
[1] I first became aware of this via the thread at
<http://lists.mailscanner.info/pipermail/mailscanner/2016-November/104001.html>.
There it was the poster who saw the warning in his copy of the list
message and mistakenly thought it was a rejection of his post to the
list. The reply at
<http://lists.mailscanner.info/pipermail/mailscanner/2016-November/104017.html>
has interesting info.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20161105/ed82b615/attachment.sig>
More information about the Mailman-Developers
mailing list