On 11/2/2016 6:19 PM, Brian E Carpenter wrote:
I think Michael Richardson made a very valid point. If our mailing
list software detects a sender whose domain has p=reject, we *know*
that the forwarded message will fail DMARC validation. So there's a
strong case for rejecting the message immediately, so that the sender
can be told about the problem and can choose a different sending address.
I had it in my 2006 DSAP proposal for MLM guidelines:
http://tools.ietf.org/html/draft-santos-dkim-dsap-00#section-3.3
The term DMARC can be swapped in the section since its really about a
general DKIM+POLICY and it doesn't matter if it was SSP, ADSP, DSAP or
DMARC:
3.3. Mailing List Servers
Mailing List Servers (MLS) applications who are compliant with DKIM
and DMARC operations, SHOULD adhere to the following guidelines:
Subscription Controls
MLS subscription processes should perform a DMARC check to
determine if a subscribing email domain DMARC policy is restrictive
in regards to mail integrity changes or 3rd party signatures. The
MLS SHOULD only allow original domain policies who allow 3rd party
signatures.
Message Content Integrity Change
List Servers which will alter the message content SHOULD only do
so for original domains with optional DMARC signing practices and
it should remove the original signature if present. If the List
Server is not going to alter the message, it SHOULD NOT remove the
signature, if present.
Wow! 10 years and we still having this issue! Incredible. :(
But I did add the subscription controls for our ML software.
Presumably, we'd only need to do this until ARC is deployable.
Can ARC resolve the downlink problem for the non-ARC compliant receivers?
I've always said that the MLM needs to "look up" the practices of the
Author Domain. What is its expectation? Intentions?
If the MLM expects the receivers to do DMARC lookups, why shouldn't
the MLM do the same prior to accepting a list submission or
subscriber? The MLM can also check/detect DMARC related SMTP error
responses and minimize the erroneous automatic removals from list.
All this requires MLM software change.
--
HLS