Subj : Re: [WINServer] dmarc
To : All
From : winserver.support@winserver.com
Date : Fri Nov 23 2018 16:15:40
Newsgroups: wclistserve.win.server
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for WINServer@winserver.com; Fri, 23 Nov 2018 17:15:33 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 2008269276.45468.3760; Fri, 23 Nov 2018 17:15:32 -0500
Message-ID: <5BF87C0B.2040001@winserver.com>
Date: Fri, 23 Nov 2018 17:15:39 -0500
From: Hector Santos
Organization: Santronics Software, Inc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: WINServer@winserver.com
Subject: Re: [WINServer] dmarc
References: <000001d481ee$00e95c00$02bc1400$@org> <5BF6A96F.3000005@winserver.com> <5BF81BF0.3020409@winserver.com> <000001d48363$7f5c1890$7e1449b0$@org>
In-Reply-To: <000001d48363$7f5c1890$7e1449b0$@org>
Content-Type: multipart/mixed; boundary="------------000706080600050705010603"

On 11/23/2018 2:34 PM, Antonio Rico wrote:
> Hi,
>
> Will this open up the possibilities of mail bombs and mass email floods, if the header conversion is not done securely?
>

How so?

Well, with the new features put in place for WCLS, wcLS operators will no longer have an issue related to their subscribers getting kicked off the list because their receiver rejected a "yahoo.com" message or any domain that has a DMARC p=reject or p=quarantine policy.

So WCLS will restrict these domains. Ironically, I proposed this back in 2006 with the DSAP proposal before DMARC existed because I saw what could happen:

https://tools.ietf.org/html/draft-santos-dkim-dsap-00#section-3.3

   3.3.  Mailing List Servers

   Mailing List Servers (MLS) applications who are compliant with DKIM
   and DSAP operations, SHOULD adhere to the following guidelines:

   Subscription Controls

      MLS subscription processes should perform a DSAP check to
      determine if a subscribing email domain DSAP policy is
      restrictive in regards to mail integrity changes or 3rd party
      signatures. The MLS SHOULD only allow original domain policies
      who allow 3rd party signatures.

   Message Content Integrity Change

      List Servers which will alter the message content SHOULD only do
      so for original domains with optional DKIM signing practices and
      it should remove the original signature if present. If the List
      Server is not going to alter the message, it SHOULD NOT remove
      the signature, if present.

This was 2006! 12 years ago, but over the years, as the industry debated this whole DKIM Author Domain Policy thing and the problems with the List Server, I put into place some of it but not all of it in WCLS.

What I did was the restriction to subscribe, that you can see here now:

http://www.winserver.com/public/wcls/default.wct?list=winserver

You will see a red box telling you about the restriction. Try it, use a yahoo.com or aol.com address, even fake, because wcLS html-Subscribe is not going to let you subscribe.

But what I didn't do was the 2nd part where there were already subscribers from domains like yahoo.com and yahoo decided to add a DMARC p=reject. That decision turned the list industry around because now we had to do something. If there were already members from yahoo.com and other restricted domains, that caused problems, as we saw.

Well, it caught us a few weeks ago but I took care of it now by implementing my 2006 ideas.

We are not done. :)

This has nothing to do with someone posting/importing old mail. Maybe a better dupe checker would have prevented it.

--
Hector, Engineering & Technical Support
Santronics Software, Inc.
http://www.santronics.com (sales)
http://www.winserver.com (support)
http://www.winserver.com/AupInfo (Online AUP Help)
Office: 305-248-3204

begin:vcard
fn:Hector Santos
n:Santos;Hector
email;internet:winserver.support@winserver.com
tel;work:305-248-3204
version:2.1
end:vcard

--- Platinum Xpress/Win/WINServer v3.1
 * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
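
The subscription restriction described in the message above, sketched as an added example (not WCLS code and not written by the poster): a list server refuses a new subscriber when the address's domain publishes a DMARC p=reject or p=quarantine policy. The domains and TXT records are constructed samples standing in for DNS lookups of _dmarc.<domain>, all function names are hypothetical, and the organizational-domain fallback of RFC 7489 is not included.

```python
# Constructed TXT records keyed by query name; a deployment would query DNS.
SAMPLE_DNS = {
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:agg@strict.example"],
    "_dmarc.quar.example": ["v=DMARC1;p=quarantine ; pct=100"],
    "_dmarc.open.example": ["v=DMARC1; p=none"],
    "_dmarc.multi.example": ["v=spf1 -all", "v=DMARC1; p=reject"],
    # v= is not the first tag, so receivers do not treat this as a DMARC record.
    "_dmarc.broken.example": ["p=reject; v=DMARC1"],
}

RESTRICTIVE = {"reject", "quarantine"}


def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if txt is not one."""
    tags = []
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            return None  # not a tag=value list
        tags.append((name.strip().lower(), value.strip()))
    # The version tag must come first and match exactly.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)


def dmarc_policy(domain, dns=SAMPLE_DNS):
    """Published p= value for domain, or None when no valid record exists."""
    txts = dns.get("_dmarc." + domain.lower(), [])
    records = [r for r in map(parse_dmarc, txts) if r]
    if len(records) != 1:  # zero or several DMARC records: no usable policy
        return None
    return records[0].get("p", "").lower() or None


def may_subscribe(address, dns=SAMPLE_DNS):
    """Refuse subscribers whose domain publishes p=reject or p=quarantine."""
    domain = address.rpartition("@")[2]
    return dmarc_policy(domain, dns) not in RESTRICTIVE
```

The same check can be run over an existing subscriber list to find members whose domain has since published a restrictive policy, which is the second case the message describes.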