Re: [exim] DMARC and Exim

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Marc Perkel
CC: exim-users, Oliver Howe
Subject: Re: [exim] DMARC and Exim
On 2012-02-03 at 11:11 -0800, Marc Perkel wrote:
> Just a quick question. SPF breaks email forwarding. Does DMARC get
> around this limitation?


DMARC is based on DKIM, which is unrelated to SPF.

The problem with DKIM is mailing-lists; any verifier needs to account
for those and decide what to do about broken signatures in the event
that it looks as though a list has been in the way. The one DMARC
verifier I've seen responses from accounts for that.

DMARC is an alternative to ADSP. It allows for an organisation domain,
which can have a default policy for all sub-domains, with some
heuristics to find the organisational domain (much as web-browsers use
for cutting off cross-domain cookies, using the same list of delegating
domains). DMARC allows for non-enforcing notifications.

If you spend the time to read the website and specification you'll learn
how to construct the TXT record for DNS, and the name to publish it
under, to let you get reports back from mail providers about the mail
they see that purports to be from you.

I go into some of the unforeseen ramifications at:
http://bridge.grumpy-troll.org/2012/02/how-private-is-your-mailing-list.html

--
https://twitter.com/syscomet