offtopic: rant about thoughtless enabling DMARC checks
Michael A. Peters
mpeters at domblogger.net
Mon Feb 11 01:48:52 EET 2019
On 2/10/19 3:46 PM, Michael A. Peters via dovecot wrote:
> On 2/10/19 3:42 PM, Noel Butler via dovecot wrote:
>> On 10/02/2019 12:49, Benny Pedersen via dovecot wrote:
>>
>>>
>>> fixing mailman will be the fail, solve it by letting opendkim and
>>> opendmarc not reject detected maillist will be solution,
>>
>>
>> A general broad mailing list whitelist will be problematic, do work it
>> needs to look for specific list type hidden headers, spammers and
>> nasties will incorporate those headers into their trash that
>> impersonates mailing lists and voila, they pass.
>
> However the majority of spammers do not spam with a properly configured
> Reverse DNS - so detect the list header and skip DMARC if list headers
> are present AND Reverse DNS matched the HELO/EHLO
>
Also, DMARC isn't really anti-spam technology, it's anti-spoof technology.
Rather than fake mail list headers, spammers will just use domains w/o a
DMARC policy. Much easier.
More information about the dovecot
mailing list