[Slackbuilds-users] Today's DMARC debacle
rob0 at slackbuilds.org
Thu Mar 22 04:39:08 UTC 2018
Some of you might not have seen this because your list delivery was
suspended. We think we have all the subscribers reenabled now.
The "fix" has been implemented and confirmed to work. "Fix" is the
wrong word; it is a workaround for the shortcomings of the DMARC
protocol. Our list was fine, but we had to break it in case some
other poster gets the same silly idea to play with DMARC.
If you missed anything from 2018-03-18 11:47 UTC to now, here's the
link to the archives:
On Sun, Mar 18, 2018 at 20:20 UTC, I wrote:
> Today a poster from a domain which published a DMARC "p=reject"
> policy posted to our mailing list. Either his DMARC record is new,
> or gmail just started enforcing DMARC, and so, unseen by all our
> numerous gmail/googlemail and Google Apps subscribers, you were
> kicked off our list.
> Yes, it's stupid. DMARC allows third/fourth parties to do this
> denial of service. Mailing lists since forever have used the
> original sender's "From:" header, but the list server's envelope
> sender. DMARC looks at the header, not the envelope.
> But, as with so many things, we are stuck with stupid stuff.
> GNU Mailman already has a workaround for the problem: it looks up
> DMARC for the poster's domain, and if a "p=reject" is published, the
> From header is rewritten. Yay, so you don't know who it was from.
> (Another workaround is to simply disallow posts from such domains.)
> Anyway, I'm working on the first workaround, and the poster who
> triggered all this is temporarily blocked from posting.
> We have placed the list on emergency moderation mode for now.
> Please, no more posts about this until I get it resolved. I will
> reply here when it is.
> I'm sorry for the inconvenience. I am sorry that DMARC exists.
> Fortunately it was only the posts (two) from this poster which caused
> all the havoc. Every subscriber who was removed from the list should
> have received their notification of removal. The problem was not a
> matter of gmail not accepting mail from us; only that the DMARC
> perpetrator was listed in the From: header. Not a factor for the
> removal notification mails from Mailman.
Rob McGee - /dev/rob0 - rob0 at slackbuilds.org
More information about the SlackBuilds-users