Skip to Content.
Sympa Menu

en - RE: [sympa-users] problems with DMARC?

Subject: The mailing list for listmasters using Sympa

List archive

Chronological Thread  
  • From: Steve Shipway <address@concealed>
  • To: Erik Olson <address@concealed>, "address@concealed" <address@concealed>
  • Subject: RE: [sympa-users] problems with DMARC?
  • Date: Tue, 8 Apr 2014 23:05:28 +0000

Many thanks to Erik for spotting this and posting.

 

So, if I read this correctly, Yahoo have done three things –

 

1.       Published a DMARC record requesting Reject if either DKIM or SPF/SIDF checks fail, and mandates a DKIM signature being present for their domain, and

2.       Used a DKIM signature that includes the Reply-To header, so mailing lists (which change Reply-To) break the DKIM checks, and

3.       Published a SPF/SIDF rule that apparently tests From rather than Sender, resulting in a hard fail.

 

I’m not so certain of (3) but something weird is certainly going on with SIDF there.

 

Unfortunately there is not much we can do about all this.  The DMARC mandating of DKIM means that stripping the DKIM headers (which is what we @UoA do) is no longer enough.

 

Anonymising the list (to remove the original From header) might help with the SIDF issues.  Configuring Sympa to strip the old DKIM headers and sign with your own DKIM key could be enough for the DMARC to be satisfied.

 

At UoA, we have our own DKIM keys, and all outgoing mail (including mailing lists) is DKIM signed.  However I’ll need to run a few tests (I do not have a Yahoo account currently) to see if this has solved the mess Yahoo have made.  Since we’re a university, there’s a high possibility that students have Yahoo accounts and so our mailing list setup needs to support them…

 

Steve

 

Steve Shipway

address@concealed

 

From: address@concealed [mailto:address@concealed] On Behalf Of Erik Olson
Sent: Wednesday, 9 April 2014 5:06 a.m.
To: address@concealed
Subject: Re: [sympa-users] problems with DMARC?

 

--
Erik Olson
Proudly joining 21st Century e-mail in 2013

Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.19+.

Top of Page