From postfix-users  Sat Nov 23 09:26:02 2019
From: Dominic Raferd <dominic () timedicer ! co ! uk>
Date: Sat, 23 Nov 2019 09:26:02 +0000
To: postfix-users
Subject: Re: Validation DMARC
Message-Id: <CAF9Mo3L94JWADG8hevyC=fA0ZJ9sGO7aVZNbaFfZhgnzGjH=aA () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=postfix-users&m=157450125219563
MIME-Version: 1
Content-Type: multipart/mixed; boundary="--00000000000001fe9205980020d6"

--00000000000001fe9205980020d6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sat, 23 Nov 2019 at 09:14, Roland K=C3=B6bler <rk-list@simple-is-better.=
org>
wrote:

> Hi,
>
> > when validating DMARC, it use the envelop address, or use from address
> from the header?
> it unfortunately uses the from-header.
> (If it would use the envelope address, it would not cause that much
> problems.)
>
> Or in short: DMARC intentionally breaks every mailinglist and every
> mail-forwarding.
> So, if a mail-provider uses a strict DMARC-policy, it effectively
> says: "Our mail-addresses may not be used for mailinglists."
>

DMARC's focus on the From header is absolutely correct because it is about
stopping forging. And it is simply untrue that DMARC breaks all mailing
lists nor that it breaks all mail forwarding.

I realise a lot of people on mailing lists about email have a downer on
DMARC because depending on (a) the implementation of DKIM by the sender's
domain controller and (b) on the setup of the mailing list it can - but
often doesn't - cause problems. But it is a very powerful tool for
preventing forging of emails. Domain controllers who are not bothered about
forging of emails from their domain are not obliged to use it.

--00000000000001fe9205980020d6
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-size:small"><br></div></div><br><div class=3D"gmail_quote"><div dir=3D"lt=
r" class=3D"gmail_attr">On Sat, 23 Nov 2019 at 09:14, Roland K=C3=B6bler &l=
t;<a href=3D"mailto:rk-list@simple-is-better.org">rk-list@simple-is-better.=
org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"marg=
in:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1e=
x">Hi,<br>
<br>
&gt; when validating DMARC, it use the envelop address, or use from address=
 from the header?<br>
it unfortunately uses the from-header.<br>
(If it would use the envelope address, it would not cause that much<br>
problems.)<br>
<br>
Or in short: DMARC intentionally breaks every mailinglist and every mail-fo=
rwarding.<br>
So, if a mail-provider uses a strict DMARC-policy, it effectively<br>
says: &quot;Our mail-addresses may not be used for mailinglists.&quot;<br><=
/blockquote><div><br></div><div style=3D"font-size:small" class=3D"gmail_de=
fault">DMARC&#39;s focus on the From header is absolutely correct because i=
t is about stopping forging. And it is simply untrue that DMARC breaks all =
mailing lists nor that it breaks all mail forwarding.</div><div style=3D"fo=
nt-size:small" class=3D"gmail_default"><br></div><div style=3D"font-size:sm=
all" class=3D"gmail_default">I realise a lot of people on mailing lists abo=
ut email have a downer on DMARC because depending on (a) the implementation=
 of DKIM by the sender&#39;s domain controller and (b) on the setup of the =
mailing list it can - but often doesn&#39;t - cause problems. But it is a v=
ery powerful tool for preventing forging of emails. Domain controllers who =
are not bothered about forging of emails from their domain are not obliged =
to use it.<br></div></div></div>

--00000000000001fe9205980020d6--