as a reminder, all of my emails are signed using DKIM. if you ever receive an email lacking a DKIM signature or with a DKIM signature using a key not associated with my domain, you can be assured it's a forgery.
Conversation
Replying to
Is there a particular mailing list blocking you from using an enforcing DMARC policy?
Mailing list software is largely compatible with it nowadays, as long as it's properly configured. Either needs to be configured to avoid tampering with signed mails or mark it as sent by them.
2
2
Replying to
switching to an enforcing policy is on my to-do list, possibly this weekend, given the spam incidents that are happening.
1
i mostly cite FOFAFO (fear of fucking around and finding out) as the reason i haven't done it yet.
1
Replying to
Most smaller email servers don't set up OpenDMARC or equivalent to enforce it. It works really well with the major providers though.
It doesn't tend to silently break anything but email is pretty annoying since it can take a really long time to actually get the error message.
I always set up an enforcing policy for each domain as the first step. It's useful even if it doesn't send email, since you still don't want someone spoofing emails from there. Setting null MX ("0 .") also gives people instant errors that they can't send email to the domain.
1
2
Show replies
Replying to
well, the other blocker is that i intend to switch from OpenDKIM to the replacement that Drew DeVault wrote. but i haven't imported his local package for Sourcehut into alpine proper yet. so much to do...
1
(Drew's replacement replaces both OpenDKIM and OpenDMARC, AFAIK)