[opendmarc-users] How to deal with blocked DMARC reports
Benny Pedersen
me at junc.eu
Sat Jan 5 14:05:10 PST 2019
Grant Taylor skrev den 2019-01-05 19:59:
> I have a hard time accepting the idea of configuring my server to
> refuse to accept email because the admin of the sending domain has
> misconfigured an /optional/ reporting / security feature.
note tempfail ?
i did not say reject
i think this problme here with dmarc is equal to the time when some
domain had mx pointing to hostname that had a records pointing to
127.0.0.1 or other non routetble ips
this stopped when postfix rejected mx with this ip ranges in sender
domain mx
why let dmarc continue to have it imho same problem ?
note dmarc will be not rejecting maillists if maillist servers starting
arc seal there mails, this will imho make mailman drop there take owner
ships on senders that do dkim sign mails and as recieved on maillist is
dkim pass
> I feel like rejecting email based on a bad reporting email address for
> DMARC is *WAY* more Draconian than rejecting email when sending
> domains have "…-all" in their SPF record. (I digress.)
i did not say reject, but tempfail
>> why would domain owners like to have dmarc reporting when there
>> mailserver does not accept it
>
> I don't know that "like" is the best description here. Ignorance,
> misconfiguration, misunderstanding dome to mind as legitimate reasons
> why there might be a bad email address in the DMARC record.
how can we help misconfigred dmarc hosts ?
can opendmarc milter use lua scripts to do test if domain can be
reported to, before data is save to the stats file for reporting ?
More information about the opendmarc-users
mailing list