[conspire] (forw) [BALUG-Admin] So, DMARC. A week ago.

Sat Feb 10 01:27:14 PST 2024

Quoting Akkana Peck (akkana at shallowsky.com):

["So, you want to run a mailing list server" tutorials/guides:]

> I don't have one to contribute, though I should probably go looking.
> I've been running my own mail server for decades but that doesn't mean
> I actually know what I'm doing, and reading some basic guides might
> point out things I'm not doing well.

Thanks for keeping an eye out.  I feel sheepish that I've previously
come across some, but then failed to note where for my records, but
that's the breaks.

> Overnight I received several DMARC reports, two emailed from Yahoo and
> one from Google (as .xml.gz) and one from google (as .zip which
> contains a .xml), but I'm not having much luck reading them. Is there
> a good way to read these silly XML reports?

Good question, and I don't yet have a good answer for you.

An ideal solution might be a daemon you could run to receive, parse,
store, and report on received DMARC reports arriving at the designated
e-mail address.  In my dreams, it would have a Web interface you could
use to view and analyse historical data.

At the moment, I do:

1.  Manually save each as I encounter it from my mutt session to /tmp.
2.  Open another screen(1) session, and cd to /tmp within that shell.
3.  gunzip or unzip the silly thing (as appropriate).
4.  View it using "less".

The utterly absurd XML presentation (like, what is this?  1998 trendy
technotrash?) is, of course, irritatingly human-hostile, but once I
reacquainted myself with its basic design and got my bearings in the
layout, the trick that helped most was mouse-highlighting everything
from a <report> tag to its closing (matching) </report> tag -- making it
more readable in a strictly visual sense.

I'm honestly still not 100% sure I understand the whole meaning of these
things, but, tell you what:  Over the last day and a half, I've received
about a dozen more of them, and I'll soon try to find time to analyse 
some of them in this space, so we can ponder what they're saying
together.

So far, _prior_ to the latest batch, I was seeing what I considered good
news.  That is, I was seeing "pass" on the SPF check, and "fail" on the 
(non-existent) DKIM check -- which I guess is desirable?  That aside,
I'm continuing to hear from some people correctly getting my direct
mail, and from a few people correctly getting my postings mediated via
mailing lists, including mailing lists hosted elsewhere (which was my
chief worry).

Some other data about deliverability to Yahoo Mail -- specifically, the 
non-delivery report on DKIM grounds(!) to Yahoo Mail of someone's
posting to the Skeptic mailing list (hosted on linuxmafia.com), suggests
that Yahoo still hates my system, but at this point I don't really care
much unless that's a harbinger of problems elsewhere, because, frankly,
screw Yahoo.  They can't die soon enough, for my liking.  Among other
sins, they're the specific asshats who gave us DKIM and DMARC.

Anyway, to be resumed later.

And, good idea trying online DMARC report analysing Web sites.  I ought
to try some, too -- if only so I can have greater confidence that I'm
correctly interpreting these XML thingies when I read them raw.

FWIW, I enabled reporting of both the aggregate reports and the
forensic/failure reports (as you saw in my initial post in which I
crafted my DNS zonefile's newly-legitimate DMARC RR).

-- 
Cheers,    "Here is how platforms die: first, they are good to their users; then
Rick Moen   they abuse their users to make things better for their business cus-
rick at linuxmafia.com tomers; finally, they abuse those business customers to claw
McQ! (4x80) back the value for themselves.  Then, they die."    -- Cory Doctorow