On Sun, Mar 5, 2017 at 9:58 PM, Scott Kitterman <deb...@kitterman.com> wrote: > > > On March 5, 2017 3:08:49 PM EST, Vincent Danjean <vdanjean...@free.fr> wrote: >>Le 05/03/2017 à 16:29, Joerg Jaspert a écrit : >>> That would be the next step, DMARC, which is SPF plus DKIM plus some >>> extra DNS records. And DMARC then allow to tell other mail servers >>(that >>> follow DMARC) to get rid (spamfilter) mail that aren't from what your >>> DNS says it should be from (or aren't signed correctly/at all). But >>its >>> even more maintenance and burden for a group like Debian. >> >>Is it even possible? I was under the impression that DMARC plays very >>bad with mailing lists. If I recall correctly, mailman has to modify >>mails that come from a DMARC domain. > > It plays badly with mailing lists that modify messages in ways that cause > DKIM signatures to break (which is most, but not all of them). It's my > understanding that for lists.d.o based lists, the listmasters plan is to > configure lists so that DKIM signatures should survive.
Sympa is know to survive and to have a good documentation of issue: https://www.sympa.org/manual/dmarc > There's still a lot more Debian infrastructure that would have to be > considered (Alioth based lists, BTS mails, etc.) before we might consider > Debian to be DMARC ready. I don't know if it's worth the effort, but I don't > think there are any insurmountable technical barriers to get past if the > project decided to take this on. > > Scott K >
