[ntp:questions] [META] lists.ntp.org borked DMARC settings
jb-usenet at wisemo.com.invalid
Fri May 10 01:23:37 UTC 2019
On 09/05/2019 17:06, John Levine wrote:
> In article <n-qdnSmIEPSoMk7BnZ2dnUU78R3NnZ2d at giganews.com>,
> Jakob Bohm <jb-usenet at wisemo.com.invalid> wrote:
>> For about 2 months now, the lists.ntp.org gateway between the newsgroup
>> and mailing list has had a borked setting that rejects posts from real
>> e-mail addresses if the e-mail domain's DMARC is configured to the
>> minimums required to get actual mail accepted by other systems.
> My DMARC record says "p=none" and systems all over the world
> accept my mail just fine. If someone has told you that mail
> systems require "p=quarantine", you've been badly misinformed.
> Please leave the mailing list alone. None of the anti-DMARC settings
> actually work very well.
It is (ironically) Mailman mailing lists that required switching from
p=none to p=quarantine . Because otherwise they cause the reporting
data to be flooded with alerts from all the mail servers that receive
mailman forwarded mails "spoofing" the e-mail domains I manage.
Now early on (when Yahoo turned on DMARC as the first big e-mail host),
some Mailman developers ranted and raved that DMARC should be sabotaged.
They eventually somewhat relented at provided Mailman options to
actually handle DMARC somewhat reasonably.
Now for some reason the Mailman on lists.ntp.org has been set up to:
- Run with the hopeless sabotage settings for DMARC.
- Seemingly drop mails sent to questions-owner.
- Direct the mailman mailbox to a closed mailing list while keeping
support pages that specify it as an outside contact point.
- Leave information placeholders in rejection mails unconfigured,
resulting in the already insulting rejection mails containing
a placeholder field where the contact address should be.
In terms of improving e-mail security globally, it would be better
if things like DMARC were easier to turn up to max, instead of
having to keep it at ineffective levels to workaround mailing list
Almost every day I see spam that wasn't rejected because a spoofed
domain still runs with weak settings for SPF, DKIM, DMARC etc.
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the questions