On 06/03/2025 14:44, Laura Atkins wrote:
On 6 Mar 2025, at 12:45, Seth Blank
<[email protected]> wrote:
On 05/03/2025 03:34, Douglas Foster wrote:
But it is an IETF problem because IETF is a significant implementer
of the technology, and fully capable of either building a custom
solution or motivating a vendor to do so. Not only has it not done
so, it has not used DMARC to protect its lists from the most
conspicuous form of impersonation, as demonstrated by a white-hat
research attack.
Rejecting on p=reject should be a no-brainer for a mailing list.
Most lists, including this one, decided to rewrite the from address
rather than reject users behind a p=reject.
They are two unrelated operations that serve different purposes.
Rewriting the From: address before forwarding is useful to avoid
DMARC-produced rejects at the subscriber's MX.
Enforcing DMARC by a mailing list is useful to avoid impersonation of
valimail's users, since valimail has p=reject.
While most "generic" MTAs cannot impose to their users to not receive
forwarded messages, a mailing list can well require that posters use
their subscriber address. For example, this list[*] has a "Manage
Subscription" menu which contains a form to "change the email used for
this subscription". In what case would a post arrive indirectly instead?
Best
Ale
--
[*] https://mailman3.ietf.org/mailman3/lists/dmarc.ietf.org/
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
