Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large. Not sure who manages it anymore these days. - Jared
Once upon a time, Jared Mauch <jared@puck.nether.net> said:
Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large.
The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject. -- Chris Adams <cma@cmadams.net>
Once upon a time, Chris Adams <cma@cmadams.net> said:
Once upon a time, Jared Mauch <jared@puck.nether.net> said:
Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large.
The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject.
Oh, or someone just changed the config per your request. :) I have p=none but my From got rewritten on this message. -- Chris Adams <cma@cmadams.net>
On 8/2/22 11:18 AM, Chris Adams via NANOG wrote:
Once upon a time, Jared Mauch <jared@puck.nether.net> said:
Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large. The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject. Oh, or someone just changed the config per your request. :) I have
Once upon a time, Chris Adams <cma@cmadams.net> said: p=none but my From got rewritten on this message.
I think it's been doing this for ages. It was the first time I'd seen From rewriting in the wild iirc. I'm not understanding what problem Jared is talking about. Mike
On Tue, 2022-08-02 at 11:24 -0700, Michael Thomas via NANOG wrote:
On 8/2/22 11:18 AM, Chris Adams via NANOG wrote:
Once upon a time, Jared Mauch <jared@puck.nether.net> said:
Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large. The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject. Oh, or someone just changed the config per your request. :) I have
Once upon a time, Chris Adams <cma@cmadams.net> said: p=none but my From got rewritten on this message.
I think it's been doing this for ages. It was the first time I'd seen From rewriting in the wild iirc.
It's been doing it for ages for p=reject, but not p=none (the latter being Jared's situation) There are toggles in MM2 to do DMARC address rewriting for p=none and p=quarantine in addition to p=reject. -Jim P.
On 8/2/22 12:30 PM, Jim Popovitch via NANOG wrote:
On Tue, 2022-08-02 at 11:24 -0700, Michael Thomas via NANOG wrote:
On 8/2/22 11:18 AM, Chris Adams via NANOG wrote:
Once upon a time, Jared Mauch <jared@puck.nether.net> said:
Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large. The list is doing the DMARC handling (From rewrite) for senders with a DMARC p=reject. Oh, or someone just changed the config per your request. :) I have
Once upon a time, Chris Adams <cma@cmadams.net> said: p=none but my From got rewritten on this message. I think it's been doing this for ages. It was the first time I'd seen From rewriting in the wild iirc. It's been doing it for ages for p=reject, but not p=none (the latter being Jared's situation)
There are toggles in MM2 to do DMARC address rewriting for p=none and p=quarantine in addition to p=reject.
I'm sort of surprised that an org would have p=reject when its users use outside mailing lists. Most mailing lists probably don't even have From rewriting or the mailing list operator is clueless about the problem. (think: non-technical mailing lists). Mike
It appears that Michael Thomas via NANOG <mike@mtcc.com> said:
On 8/2/22 12:30 PM, Jim Popovitch via NANOG wrote:
It's been doing it for ages for p=reject, but not p=none (the latter being Jared's situation)
I don't understand Jared's concern. His DMARC policy, like mine, is p=none which tells receivers to do nothing DMARC-y with our messages. I don't get any sort of blowback from nanog posts that I can recall seeing.
I'm sort of surprised that an org would have p=reject when its users use outside mailing lists.
Unfortunately, we lost that battle a long time ago. It's "more secure" and "best practice" so go away. R's, John
On Aug 2, 2022, at 4:31 PM, John Levine via NANOG <nanog@nanog.org> wrote:
It appears that Michael Thomas via NANOG <mike@mtcc.com> said:
On 8/2/22 12:30 PM, Jim Popovitch via NANOG wrote:
It's been doing it for ages for p=reject, but not p=none (the latter being Jared's situation)
I don't understand Jared's concern. His DMARC policy, like mine, is p=none which tells receivers to do nothing DMARC-y with our messages. I don't get any sort of blowback from nanog posts that I can recall seeing.
I'm sort of surprised that an org would have p=reject when its users use outside mailing lists.
Unfortunately, we lost that battle a long time ago. It's "more secure" and "best practice" so go away.
Much like inline replies v top-posting and etc.. I did manage to get someone to flip the setting so hopefully I’m not getting a lot of bounce back from this e-mail. Thanks to the kind soul who flipped the setting. - jared
I did manage to get someone to flip the setting so hopefully I’m not getting a lot of bounce back from this e-mail.
Once again, if you were getting bounces, they had nothing to do with DMARC because you don't publish a DMARC policy. Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
It appears that Jared Mauch <jared@puck.nether.net> said:
Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large.
I checked with Jared and he seems to misunderstand the meaning of the DMARC failure reports he is getting. (I get them too, lots of them, and file and ignore them.) They do not indicate any sort of delivery problem. Please do *not* change the DMARC settings for p=none since it degrades the list mail and makes it much harder to tell who is sending each message and who to reply to. R's, John
On 8/2/22 1:16 PM, Jared Mauch wrote:
Can someone flip the option in Mailman for DMARC please, it’s problematic as if one posts and does DMARC and has feedback on, our messages are possibly rejected, and the feedback from a post is quite large.
Not sure who manages it anymore these days.
You can reach the admin at admins@nanog.org. The nanog-owner@nanog.org goes there too, so there's practically no reason to go on list with such things. The list is configured to wrap anyone posting from a domain with a with a DMARC Reject/Quarantine Policy (dmarc_moderation_action). If you don't have this set on your domain, the list will not wrap your message (which is the correct behavior as it breaks other things). Hit up the admin team and we'll look at it. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
Once upon a time, Bryan Fields <Bryan@bryanfields.net> said:
The list is configured to wrap anyone posting from a domain with a with a DMARC Reject/Quarantine Policy (dmarc_moderation_action). If you don't have this set on your domain, the list will not wrap your message (which is the correct behavior as it breaks other things).
That is not the case right now; it appears to be modifying ALL senders since earlier today (about 12:20pm CDT) . Your message has "From: Bryan Fields via NANOG <nanog@nanog.org>" even though you have no DMARC record at all. -- Chris Adams <cma@cmadams.net>
On 8/2/22 8:46 PM, Chris Adams via NANOG wrote:
Once upon a time, Bryan Fields <Bryan@bryanfields.net> said:
The list is configured to wrap anyone posting from a domain with a with a DMARC Reject/Quarantine Policy (dmarc_moderation_action). If you don't have this set on your domain, the list will not wrap your message (which is the correct behavior as it breaks other things). That is not the case right now; it appears to be modifying ALL senders since earlier today (about 12:20pm CDT) . Your message has "From: Bryan Fields via NANOG <nanog@nanog.org>" even though you have no DMARC record at all.
Yes, I'm trying to get to the bottom of what if anything happened with the admin team. This is really broken at this point as munging from breaks DKIM signing if present in the original email. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
participants (7)
-
Bryan Fields -
Chris Adams -
Jared Mauch -
Jim Popovitch -
John Levine -
John R. Levine
-
Michael Thomas