Re: [OT] Tim, Gil, et. al. (e-mail address settings)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Once upon a time, Greg Woods <woods@xxxxxxxx> said:
> On Fri, Jul 1, 2016 at 7:16 AM, Chris Adams <linux@xxxxxxxxxxx> wrote:
> > No, it isn't specifically a Gmail issue, it is an issue from the
> > combination of DMARC strict policies, sites that enforce DMARC policies,
> > and mailing lists.
> 
> DMARC, that was it. Thank you for the more detailed (and more correct)
> explanation.
> 
> As a Google user, I most often see this in mail coming from Yahoo.

Yes, Yahoo is probably the largest user base with a DMARC "p=reject"
policy (AOL also has that, but who uses AOL these days? :) ).

> And Ed
> also makes a good point. I already filter my mailing list mail into
> separate labels for each list, and check "Never send to spam" for these,
> which removes the DMARC issue. Setting "never send to spam" means you are
> relying on the server for the mailing list to do the spam filtering.

The problem with whitelisting senders is that malware is smart enough to
abuse it (has been for years, but is getting smarter lately).  There
have been several spam/virus senders lately that recognize mailing lists
in people's address books, and then send garbage from a recognized list
member address to other members, setting the headers to look like they
went through the list server.

As soon as you whitelist the list, there's no way for your server to
block such garbage messages.  Even if the list server sets SPF, DKIM,
and/or DMARC, your whitelist entry says to ignore them.

It is a tough problem.  Ideally, list servers would rewrite the From:
address (to avoid DMARC issues), and they'd all have SPF records (which
Fedora's list server does), sign messages with DKIM, and have DMARC
policies.  Then you shouldn't need to whitelist (or at most whitelist
from content filters, but not SPF/DKIM/DMARC checks).

As mail servers are moving to IPv6, some servers are requiring SPF
and/or DMARC to accept email over IPv6, so maybe we'll get a little
better experience there.
-- 
Chris Adams <linux@xxxxxxxxxxx>
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux