DMARC is perfectly compatible with mailing lists as long as they don't forge emails. If they set headers like List-Unsubscribe and sent them along, it wouldn't be an issue. Amusing that the Linux kernel depends so much on email security but they're against preventing spoofing.
Conversation
Replying to
SPF passes for mailing lists based on MAIL FROM since it doesn't really prevent spoofing itself. DKIM passes if they don't tamper with the content or signed headers. DKIM is aligned with the FROM address so DMARC passes. Problem is mailing lists add a footer to the email, etc.
1
It sucks that mail spoofing is still broadly applicable even when using a reject policy for your domain because so few providers actually enforce it. Many providers also don't use a reject policy because of issues like this. Gmail only uses a quarantine policy for their domain.
1
3
Lots of mailing lists started mangling the FROM address as a workaround to stop claiming that their modification to the email is from that person. Linux kernel lists need `git am` to work so they can't do that. Why don't they just stick to adding headers and leave content alone?
1
I really can't understand why a lot of Linux kernel maintainers have spent years fighting against preventing email spoofing. How about not tampering with people's emails and claiming that they sent an email they didn't actually send? Doesn't seem hard. Email security is so bad.
1
2
In general, real world email does not prevent spoofing (DMARC reject policies for every domain + enforcement on receiving end) and doesn't use authenticated encryption. MTA-STS/DANE mostly have adoption in terms of setting the DNS records so others can verify, but they don't...
1
1
Everything needed is there, but adoption sucks and people actively fight against it based on tradition and lack of understanding. Seems to be how most federated systems end up, including XMPP. Bolting on security or improving it is hard and people aren't going to use it anyway.
2
Replying to
what are you talking about? the vger.kernel.org lists I'm on send mails with valid SPF/DKIM/DMARC from the original sender, and they don't append footers or subject prefixes or anything like that.
1
can you please be more specific and say which list(s) you're talking about?
1
Show replies
Replying to
More mail server sys admins need to set proper smtp checks, virus checks and grey-listing