openssl-users: DKIM, DMARC and all that jazz, and what it means to us

Richard Levitte levitte at openssl.org
Fri Feb 15 15:03:42 UTC 2019


Hi all,

It seem like DMARC, SPF, DKIM, or *something* is tripping us up quite
a bit.  Earlier this afternoon (that's what it is in Sweden at least),
us postmasters got a deluge of bounce reports from mailman, basically
telling us that it got something like this:

<user at example.com>: host aspmx.l.google.com[74.125.140.26] said:
    550-5.7.1 This message does not have authentication information or fails to
    pass 550-5.7.1 authentication checks. To best protect our users from spam,
    the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
    https://support.google.com/mail/answer/81126#authentication for more 550
    5.7.1 information. f1si3266960wro.105 - gsmtp (in reply to end of DATA
    command)

There's very little fact of what actually triggered these bounces, but
they always come from Google, so we're guessing that they're becoming
increasingly aggressive in their checks of DKIM, SPF, ARC, who knows
(they don't seem to check DMARC, 'cause we do have one with p=none and
an address to sent DMARC reports to, and I'm hearing absolutely
nothing from Google, but I do hear from others)

So, to mitigate the problem, we've removed all extra decoration of the
messages, i.e. the list footer that's usually added and the subject
tag that indicates what list this is (I added the "openssl-users:"
that you see manually).

So IF you're filtering the messages to get list messages in a
different folder, based on the subject line, you will unfortunately
have to change it.  If I may suggest something, it's to look at this:

    List-Id: <openssl-users.openssl.org>

Cheers,
Richard ( role: postmaster )

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-users mailing list