DMARC/DKIM mitigation on maling lists
Greg Troxel
gdt at lexort.com
Thu Nov 9 12:58:05 PST 2023
Markus Neteler <neteler at osgeo.org> writes:
> On Wed, Nov 8, 2023 at 1:43 PM Greg Troxel <gdt at lexort.com> wrote:
>>
>> This is not really related to dealing with DMARC, but I noticed
>> something in your message.
>>
>> Here are the headers in the messaeg, minus a couple added by my system
>> (spam filtering scores) omitted to reduce noise.
>>
>> - Your message has a From: of neteler at osgeo.org.
>> - it was actually sent via google.
>> * google did not include your client's IP address (that's great)
>> * google has an X-Google-DKIM-Signature instead of DKIM-Signature
>> (This is bizarre but not news to me)
>> * google's faux DKIM header is from 1e100.net
>> (also odd but not news)
>> - osgeo.org applied a dkim signature from osgeo.org to the list
>> message
>
> Would changing anything in this regard help?
> https://wiki.osgeo.org/wiki/SAC:Message_Submission_Agent
Yes, the right thing to do is to send all mail with From: of osgeo
through osgeo's outgoing server.
> I wonder how to make use of this new SAC MUA service with Gmail (which
> many will use) rather than Thunderbird.
gmail is a mail server, not a generic mail client. In addition, it has
a webmail interface that is, as far as I know, bound to that service.
People will need to use some kind of "Mail User Agent" configured to the
osgeo MSA.
It is somewhat surprising to me that gmail doesn't publish a DMARC
record and people can still inject messages elsewhere with a From: of
gmail. You can't do this with yahoo.com, for example, and have them be
delivered. So there is no ability to send @yahoo.com mail with gmail.
Basically one can no longer choose to use "gmail for all mail", unless
all of your outgoing mail has your gmail address in it.
More information about the Sac
mailing list