Hi, I'm the listadmin (amongst other things) for Gentoo Linux. Our lists handle somewhere north of 100k deliveries/day; it's a large deployment of mlmmj. I also happen to personally host the lists for my local hackerspace, and that's where I first noticed DMARC causing problems, because one of our members activated reject mode on his personal domain, and then all yahoo+gmail recipients started having bounced mail whenever mail from the DMARC-progressive user was sent. I wrote up my findings here: http://robbat2.livejournal.com/241253.html If the listserv's outgoing MTA does implement DKIM signing, this problem will still occur because it's legitimately valid for the From header to differ from the envelope sender. That's why the extra DMARC header X-Original-Authentication-Results [1] is needed sadly :-(. The problem described WILL vanish when all mailing list apps implement DMARC, but until then, it's really broken. It's really bad because not a single list implementation supports DMARC yet; mailman is the closest, but still not yet there. If possible, if everybody could highlight the lack of open-source support for DMARC in list apps, that would be hugely beneficial to the cause. At the same time, delaying mass usage of the reject policy would limit damage. [1] https://sites.google.com/site/oauthgoog/mlistsdkim -- Robin Hugh Johnson Gentoo Linux: Developer, Infrastructure Lead E-Mail : robbat2@xxxxxxxxxx GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
Attachment:
signature.asc
Description: Digital signature