[Mailman-Users] DMARC issues
Stephen J. Turnbull
stephen at xemacs.org
Sun Apr 13 08:14:29 CEST 2014
Peter Shute writes:
> I don't know if we are doing SPF/DKIM ( or what they are).
You should ask the people responsible for your mailserver. SPF and
DKIM in themselves are good things because they prevent rejections of
mail that you send directly to another domain that implements them,
and because it's evidence to reasonable people that you follow best
practice. If you/they are not doing it, you/they should.
How they work: SPF and DKIM are separate protocols that provide a
certain degree of authentication for the *hosts* that transmit mail
claiming to originate in a domain. The protocols work (more or less)
by publishing a list of IP addresses that are allowed to send mail
from the domain. Since it's information attached to a domain, you get
that list from the domain's name server. There's a bit of crypto
technology involved so that receivers can trust the information.
The problem is that the only IP address that you can trust at all is
the direction connection from the host you receive the message from.
In other words, although Internet mail is designed as a "store and
forward" system where messages are passed from host to host until they
reach their destination (where they user's mailbox is), effectively
these protocols allow only one hop, or authentication fails.
In the case of DMARC (a "super" protocol that specifies how to use
this information), a domain is allowed to *demand* that you reject the
mail if authentication fails. That means that mailing lists (which
necessarily involve at least two hops in most cases of interest)
*always* fail authentication at *every* destination conforming to
DMARC.
Yahoo! is lighting up a cigar in an elevator filled with pregnant
women. :-( Fortunately, I suspect that they are about to bring down
the wrath of Olympus upon themselves as their users start losing mail
and being refused service on mailing lists, etc. This is a snafu on
the order of Microsoft's backward compatibility break with Office '97
or so.
Regards,
Steve
More information about the Mailman-Users
mailing list