[Mailman-Users] (relatively) new DMARC issues - and Gmail

Lindsay Haisley fmouse at fmp.com
Sat Mar 31 18:33:54 EDT 2018 

On Sat, 2018-03-31 at 17:57 -0400, Richard Damon wrote:
> On 3/31/18 3:35 PM, Lindsay Haisley wrote:
> > 
> > On Sat, 2018-03-31 at 14:50 -0400, Richard Damon wrote:
> > > 
> > > To me the issue sounds like why is fmp.com forwarding spam?
> > > 
> > > If this is a case of fmp.com offering forwarding mailboxes to users, who
> > > might be using gmail as a final destination, then yes, fmp needs to try
> > > to be as good at detecting spam as gmail or users need to accept the
> > > increased spam levels.
> > If pigs could fly ....!  I do the very best job I can of filtering spam
> > from inbound email, and get about 90% of it, maybe more, but fighting
> > spam is a forever job of whack-a-mole. I certainly wish that I could do
> > as good a job of parsing spam from legit email as Gmail does, but I'm a
> > one-person shop, and have many tasks. Gmail has dozens, perhaps
> > hundreds of very smart people assigned to managing their spam
> > filtering, and they do a very good job of it. I could _never_ hope to
> > match their efficiency or accuracy, nor could most small operations
> > such as FMP Computer Services.
>
> But coming at least close is the job you sign up for in being a mail 
> forwarder. You at least need to be good enough that you aren't seen by 
> google as an uncaring domain, and maintain enough information that they 
> can continue to do what they do well.

Rest assured, we "come at least close". This is not an option here,
it's a necessity. Email redirection is a feature of my MTA (Courier)
and has been offered since FMP went into business in the 1990s. It's a
standard feature of many MTAs and many ESPs offer it.

I've had to deal with Gmail's honey-potting before, and I can do it
again if necessary. I don't imagine that you've ever done commercial
email administration, Richard, or you might have something constructive
to say instead of just spewing admonitions to "do better".

> > 
> > The problem is that Gmail is whitelisting based on the From address,
> > rather than the Reply-To address, which should be an _option_ open to
> > users. On Google's scale of operation, I'm just a fly on a dog turd so
> > any feature which might benefit my users and subscribers is pretty much
> > a no-nevermind for them.
>
> Which is why I was saying make a 1:1 mapping of From addresses to 
> Reply-To addresses.

The From address _has_ to be from an address at fmp.com, which is the
reason for From-munging in the first place. If you don't understand how
DMARC works, or the problems it causes, Mark, or someone else on this
list can send you to a reference on it. The Reply-To address is EITHER
the original Reply-To address on the received email, or, if it had
none, the ORIGINAL From address. Mapping the Reply-To address to the
munged From address makes no sense at all.

> > > Another option is to deterministically munge the from address so every
> > > incoming email address gets a unique fmp address that it represents (it
> > > doesn't have to be absolutely unique, mostly unique is likely good
> > > enough), something like replace the at with _at_ and add a tail wart
> > > like _dmarc at fmp.com (so you can have other addresses an not worry about
> > > possible overlaps with those) and use that as the from address. Then a
> > > reply will only whitelist that specific original from address.
> > Which, as I noted in my original post, will cause the Gmail user's mail
> > account to end up with a whole lot of useless whitelisted address which
> > would need to be deleted, and FMP's server might well end up getting
> > blacklisted as a result.
> No more than if GMail did implement a white-list on Reply-To addresses.

No, because the Reply-To address is the _original_ From address. Such a
whitelisting would be useless as long as Gmail's policy with regard to
DMARC rejection remains in place, but unless we get into some kind of
meta-heading BS, it's the best we might do.

-- 
Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |            
http://www.fmp.com    |     -- Hiram W Johnson

More information about the Mailman-Users mailing list