[tlug] DMARC Test

["Stephen J. Turnbull" <steve@??>]

Brian Clemens writes:

 > I suspect my p=reject DMARC policy was overly restrictive.

Heaven help us, *yes*!  DMARC was designed as an anti-phishing device
for direct transactional mail, such as bank-to-account-holder.  It
only made it into the general email environment because of the
"recommender spam" fiasco caused by AOL and Yahoo between them leaking
1.5 billion contact lists to the spammers.  (Eventually that would
have happened to someone I suppose, but I didn't sleep for a week when
that blew up in April 2014.  I still nurse a deep grudge against those
providers.)

If people with p=reject policies are going to be posting, the list
should do DMARC mitigation by munging the From address.  It helps
somewhat to participate in the ARC protocol[1] but that's not a
panacea.


Footnotes: 
[1]  RFC 8617, it allows a domain to testify that mail it receives
passed authentication, even though because of modifications as relayed
can't pass DKIM or SPF.

-- 
GNU Mailman consultant (installation, migration, customization)
Sirius Open Source    https://www.siriusopensource.com/
Software systems consulting in Europe, North America, and Japan