jimpop at gmail.com
Sun Sep 29 15:45:14 UTC 2013
On Sun, Sep 29, 2013 at 5:19 AM, Vernon Schryver <vjs at rhyolite.com> wrote:
>> From: Jim Popovitch <jimpop at gmail.com>
>> > Ha! I removed one ~6 months ago.... and since then I've been 550
>> > rejecting the reports... yet they still come in.
>> Oh wow. It was more than 9 months ago (_dmarc.spammers.dontlike.us
>> was removed on 15-Jan-2013).
> I saw something similar from Microsoft while playing with DMARC.
> Microsoft never forgot _dmarc records I simply deleted. However,
> publishing records with reporting or checking explicitly turned off
> were eventually effective. I think it might have taken a week for the
> reports to stop.
> This might sound like a bug or problem with DMARC at Microsoft, but
> it might be a feature implied by the same design requirements the cause
> DMARC to apply SPF DNS records more broadly than RFC 4408 allows. For
> example contributions to this mailing list from domains using DMARC+SPF
> with rejection will not be seen at free Google or Microsoft mailboxes,
> because the SMTP envelope Mail_From value will not be in even "relaxed
> alignment" with the From: field in the forwarded contributions.
Yep. We (the SDLU mailinglist) deny at MTA mail From: domains with an
explicit p=reject, because we already know we can't deliver that mail
to most of the subscribers.
> Contrary to what one might guess from
> https://en.wikipedia.org/wiki/DMARC and http://www.dmarc.org/overview.html
> DMARC seems intended to improve communications between large scale
> mailbox providers such as Microsoft and Google and bulk mail senders.
> DMARC tells bulk mail advertisers such as American Greetings and
> Linkedin about "inbox placement." It tells bulk mail senders might
> prefer their bulk mail not be forwared such as Fidelity Investments
> and JPMorganChase.
The true need for DMARC lies in a niche area, transactional emai. PR
and talking heads have tried to deliver it as an "end to spam" that
should be liberally applied, even to user-generated-content domains.
More information about the dns-operations