I'm petty sure I messed up attributions, so am deleting them.>> I believe this is a DMARC issue. Yahoo, among other places, has set >> their dmarc records to p=reject:>> So, if your mail hosting provider enforces dmarc,(gmail does) and you >> get mail from a list that doesn't rewrite the headers, and people >> from places like yahoo post to the list, you'll likely get some form >> of warning about being being kicked off the mailing list every now >> and then. The frequency depends on how often people from p=reject >> places post, and what the settings are for bounce handling of the >> mailing list in question.> This is indeed what happened. An email from yahoo.com.uk caused gmail > to reject all the mails sent by that user because of the yahoo DMARC > settings.Say it isn't so: *An* e-mail, just *one* from yahoo.com.uk caused every gmail user to have his account disabled. I'd heard of the DMARC thing with mailing lists before, but had not known it enabled single e-mails of mass destruction.> We have now set the mailing list to rewrite headers. That also has set > the From: of the email to the Mailing list and not the Original Author. > The author is moved to the CC: block and you can still easily see who > sent it and my email client (thunderbird) still does things the same way > (reply to list sends to the list, reply sends to the original author).I'm truly amazed that rewwriting headers is not the default. -- Michael hennebry at web.cs.ndsu.NoDak.edu "Sorry but your password must contain an uppercase letter, a number, a haiku, a gang sign, a heiroglyph, and the blood of a virgin." -- someeecards
On 06/17/2018 08:52 AM, Michael Hennebry via CentOS wrote:> I'm petty sure I messed up attributions, so am deleting them. > >>> I believe this is a DMARC issue. Yahoo, among other places, has set >>> their dmarc records to p=reject: > >>> So, if your mail hosting provider enforces dmarc,(gmail does) and you >>> get mail from a list that doesn't rewrite the headers, and people >>> from places like yahoo post to the list, you'll likely get some form >>> of warning about being being kicked off the mailing list every now >>> and then. The frequency depends on how often people from p=reject >>> places post, and what the settings are for bounce handling of the >>> mailing list in question. > >> This is indeed what happened. An email from yahoo.com.uk caused gmail >> to reject all the mails sent by that user because of the yahoo DMARC >> settings. > > Say it isn't so: *An* e-mail, just *one* from yahoo.com.uk > caused every gmail user to have his account disabled. > > I'd heard of the DMARC thing with mailing lists before, > but had not known it enabled single e-mails of mass destruction.I run dmarc on my mail server but only in report mode, it doesn't reject. I did it as a test (for years) and am fully convinced that dmarc is worthless for real world protection. Numerous mail lists out there are configured in such a way that dmarc gets triggered and that just isn't going to change. It's a neat idea but it's not backwards compatible with the way SMTP already works. I can not recommend its use. I do recommend mail server software update if possible to be compatible but I just can not recommend mail servers enforce dmarc. DKIM is a good thing, but dmarc breaks things too badly. Even DKIM though is of limited usefulness - it seems the spammer blacklists don't really care. Even with proper DKIM signature on a domain with correct reverse DNS set up for years, they will still add you to the spam blacklist if any other host on your subnet is identified as a spammer. So even the blacklists don't really utilize this anti-spam anti-spoof technology, which makes it kind of worthless. Using DKIM as one of several factors in spamassassin though is possibly helpful, though most spammers these days have a validating DKIM sig.
On 06/17/2018 09:11 AM, Alice Wonder via CentOS wrote:> On 06/17/2018 08:52 AM, Michael Hennebry via CentOS wrote: >> I'm petty sure I messed up attributions, so am deleting them. >> >>>> I believe this is a DMARC issue. Yahoo, among other places, has set >>>> their dmarc records to p=reject: >> >>>> So, if your mail hosting provider enforces dmarc,(gmail does) and you >>>> get mail from a list that doesn't rewrite the headers, and people >>>> from places like yahoo post to the list, you'll likely get some form >>>> of warning about being being kicked off the mailing list every now >>>> and then. The frequency depends on how often people from p=reject >>>> places post, and what the settings are for bounce handling of the >>>> mailing list in question. >> >>> This is indeed what happened. An email from yahoo.com.uk caused gmail >>> to reject all the mails sent by that user because of the yahoo DMARC >>> settings. >> >> Say it isn't so: *An* e-mail, just *one* from yahoo.com.uk >> caused every gmail user to have his account disabled. >> >> I'd heard of the DMARC thing with mailing lists before, >> but had not known it enabled single e-mails of mass destruction. > > I run dmarc on my mail server but only in report mode, it doesn't reject. > > I did it as a test (for years) and am fully convinced that dmarc is > worthless for real world protection. > > Numerous mail lists out there are configured in such a way that dmarc > gets triggered and that just isn't going to change. > > It's a neat idea but it's not backwards compatible with the way SMTP > already works. > > I can not recommend its use. I do recommend mail server software update > if possible to be compatible but I just can not recommend mail servers > enforce dmarc. > > DKIM is a good thing, but dmarc breaks things too badly. > > Even DKIM though is of limited usefulness - it seems the spammer > blacklists don't really care. Even with proper DKIM signature on a > domain with correct reverse DNS set up for years, they will still add > you to the spam blacklist if any other host on your subnet is identified > as a spammer. > > So even the blacklists don't really utilize this anti-spam anti-spoof > technology, which makes it kind of worthless. > > Using DKIM as one of several factors in spamassassin though is possibly > helpful, though most spammers these days have a validating DKIM sig. > > _______________________________________________Let me put it this way - in the several years of running dmarc is report only mode, over 99% of reported violations are false positives from mail lists. That high of a false positive rate tells me it is broken technology.