Mailing list questions (DMARC, ARC, more?)

Alessandro Vesely vesely at tana.it
Thu Sep 1 10:07:02 UTC 2022


On Mon 29/Aug/2022 12:09:10 +0200 Matus UHLAR - fantomas wrote:
> On 25.08.22 18:10, Alessandro Vesely wrote:
>>
>> The lack of interest by others proves that From: munging is not so much of a 
>> nuisance as they say...
> 
> This will come sooner or later, however:
> 
> earlier this year I've done small dmarc research for our client:
> 
> - microsoft software (on-premise exchange and 365) does not DKIM-sign DSN   
> e-mail (delivery and non-delivery notifications) although those have   sending 
> domain in From: (I guess domain is added after sig generated)


So do I, relying on SPF for DNSs.


> - only a few % of domains has other DMARC policy than none
> - mailman 2 (used here) only munges From: when domain DMARC policy for the   
> sending domain is other than none.


Which is insecure.  While I keep p=none, anyone can post a spoof using my email 
address as From: and pretend to be me.  It never happens, but some people 
believe it /cannot/ happen.


>>>> I see the list operates both From: munging and ARC sealing.  While I'm 
>>>> clear about the former, I'm curious about how ARC works:
>>>>
>>>> Do any subscribers trust the seal by isc.org?
> 
> I guess most of recipients use predefined configurations, e.g. no whitelisting.
> 
> out of curiousity, I set my opendmarc.conf:
> 
> DomainWhitelist lists.isc.org
> 
> so we'll see next time mail comes.


Please tell us.

Mailman should know about your setting in order to skip From: munging in the 
copies sent to you.  Currently, the copies sent to pipermail for archiving seem 
to be non-munged, so this functionality exists.


Best
Ale
-- 











More information about the bind-users mailing list