[opendmarc-users] OpenDMARC NOT useless with Postfix
Al Iverson
aiverson at spamresource.com
Thu Sep 18 11:20:34 PDT 2014
On Thu, Sep 18, 2014 at 1:02 PM, Joachim Fahrner <jf at fahrner.name> wrote:
> Am Donnerstag, den 18.09.2014, 19:55 +0200 schrieb A. Schulze:
>
>> Of course you have to make sure the spf+dkim milter
>> actually *do not* reject any message.
>
> How can you tell it's working, if you have a policy=none in your Domain?
>
> v=DMARC1\; p=none\;
> rua=mailto:rua at dmarc.andreasschulze.de,mailto:d at rua.agari.com\;
> ruf=mailto:ruf at dmarc.andreasschulze.de,mailto:d at ruf.agari.com"
>
> Without a reject dmarc is useless for me.
Slow down here. I think you misunderstand something about DMARC.
#1 - Tell other people (any domain who wishes to respect DMARC) what
to do with mail that says it is from your domain but does not
authenticate.
#2 - Configure your own server to reject mail from others, mail that
is probably forged based on that criteria.
OpenDMARC is used on the receiving side for #2. A person's own DMARC
policy on their sending domain has NO bearing on this.
I don't use p=reject in spamresource.com because I am not a phishing
target and I don't want to fight with mailing list issues. I do use
DMARC on my receiving server to attempt to reject as much forged mail
as possible.
DMARC is not "useless to me" even though I don't use p=reject.
Cheers,
Al Iverson
--
Al Iverson | Chicago, IL | (312) 725-0130
spamresource.com / fhsdh.com / @aliverson
More information about the opendmarc-users
mailing list