:: Re: [DNG] Again, again: DMARC is a…
Top Page
Delete this message
Reply to this message
Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] Again, again: DMARC is a no-win problem for mailing lists (was: Can we fix this DMARC thing?)
One note about my advice to OSI on December 1, 2018: That was, IIRC, my
earliest attempt to advise fellow GNU Mailman listadmins about how to
contend with the DMARC problem. A probably-mistaken small datum in
what I said to OSI now sticks out:


> Yahoo and Gmail are examples of sending domains with strict DMARC
> policies.


Correction: Either that was never true about GMail, or it was at the
time of writing, but is no longer. (More likely the former.) Today:

~ $ dig -t txt _dmarc.gmail.com. +short
"v=DMARC1\; p=none\; sp=quarantine\; rua=mailto:mailauth-reports@google.com"

Substring 'p=none' means _not_ an aggressive/strict DMARC policy[1] --
unlike, say, yahoo.com's published policy:

:r! dig -t txt _dmarc.yahoo.com. +short
"v=DMARC1\; p=reject\; pct=100\; rua=mailto:dmarc_y_rua@yahoo.com\;"


What _is_ true of GMail is that it enforces upon receipt at GMail all
published DMARC policies of SMTP-sending domains (as relatively few
SMTP-receiving domains yet do). Ergo, often one of the places mailing
lists first notice delivery problems owing to aggressive DMARC policies
is among subscribers receiving their subscription mail on GMail, who
suddenly aren't getting some mailing list traffic, report their
subscriptions disabled on account of mysteriously high 'bounce scores'
or get mysteriously unsubscribed (for the same reason).

Back when I was advising OSI, I probably confused the issues of GMail's
strong application of _other_ domains' DMARC policies with its lack of
an aggressive policy published for outbound gmail.com mail.


What's linuxmafia.com's published policy, you might ask:

:r! dig -t txt _dmarc.linuxmafia.com. +short
"DMARC: tragically misdesigned since 2012. Check our SPF RR, instead."


[1] gmail.com's 'sp=quarantine' in the DMARC TXT RR is a policy for any/all
subdomains, one of innumerable baroque features that'll eat your evening
if you start studying the hideous thing.

-- 
Cheers,                          "Maybe the law ain’t perfect, but it’s the only
Rick Moen                        one we got, and without it we got nuthin'."
rick@???              -- U.S. Deputy Marshal Bass Reeves, circa 1875
McQ! (4x80)