[194267] in North American Network Operators' Group
Re: Microsoft O365 labels nanog potential fraud?
daemon@ATHENA.MIT.EDU (Brad Knowles)
Wed Mar 29 13:54:25 2017
X-Original-To: nanog@nanog.org
X-Barracuda-Envelope-From: brad@shub-internet.org
From: Brad Knowles <brad@shub-internet.org>
In-Reply-To: <20170329160619.GA88244@ussenterprise.ufp.org>
Date: Wed, 29 Mar 2017 12:54:07 -0500
To: Leo Bicknell <bicknell@ufp.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Mar 29, 2017, at 11:06 AM, Leo Bicknell <bicknell@ufp.org> wrote:
> While I haven't looked at real mailing list software recently
> (e.g. mailman) when I last did they didn't suport this either and
> it took a pile of 3rd party hacks to make it work.
The latest versions of Mailman (2.1.23 and 3.0.0) both work reasonably =
well out-of-the-box with SPF, DKIM, and DMARC. Some additional =
configuration tuning might be necessary for additional compatibility. =
However, those features are still available in an out-of-the-box =
configuration, they=E2=80=99re just not enabled by default because they =
might cause more problems than they would solve for certain types of =
typical installations. So, if you want those features, you need to turn =
them on.
IMO, Mailman3 works better out-of-the-box with SPF, DKIM, and DMARC as =
compared to Mailman 2.1.x, but that codebase is still pretty fresh. =
We=E2=80=99re now using it by default for mailing lists hosted on =
python.org, but we have not yet converted any of the older Mailman 2.1.x =
lists over to Mailman 3. We haven=E2=80=99t noticed any major problems =
yet with the latest version of Mailman3, but we still want to be careful =
in our testing.
> For that matter, setting up DKIM is horrendously complicated for=20
> no good reason=E2=80=A6
Sites like DMARCian help with that process to a degree, but there=E2=80=99=
s still a lot of complexity there that I would like to see handled =
automatically.
Unfortunately, that=E2=80=99s kind of the nature of the beast right now =
with these tools. The technology is still complex and difficult to =
configure, and it=E2=80=99s easy to set things up in a way that you wind =
up shooting yourself in the foot =E2=80=94 and possibly with a large =
thermonuclear device.
No provider is immune to these mistakes, and some providers are more =
likely to make big mistakes than others.
--=20
Brad Knowles <brad@shub-internet.org>
