[conspire] Awful kludge removed from Conspire and SF-LUG lists

Rick Moen rick at linuxmafia.com
Sat Mar 2 17:31:33 PST 2024


I wrote:

> DMARC:
> :r! dig -t txt _dmarc.linuxmafia.com +short

...but accidentally deleted the result line, before posting.  Oops.
Here 'tis:


"v=DMARC1\; p=none\; sp=none\; rua=mailto:hostmaster at linuxmafia.com\; ruf=mailto:hostmaster at linuxmafia.com\; ri=604800\; fo=s\; pct=100"


https://mxtoolbox.com/dmarc.aspx is one of many validators/parsers for
such records.  Entering linuxmafia.com into it generates
https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3alinuxmafia.com&run=toolpage ,
which finds no errors and gives a nicely commented tabular display
showing what each part of it is and does.

Notably:  

1.  The RR (DNS reference record) says to _not_ fail mails claiming to
be from linuxmafia.com merely on grounds of failed DMARC alignment.  I
_hope_ this doesn't prevent my SPF record from being taken seriously, as
the SPF record itself requests.  Part of the reason I resent being
dragged into DMARC is that, to my knowledge, the DMARC specs are not
very clear about this detail, and, separately and additionally, you have
the problem that various implementations at receiving MTAs may implement
this aspect of a complex DNS/mail extension variously.

2.  "fo=s" means "generates forensic reports if SPF failed".
(https://mxtoolbox.com/dmarc.aspx does not explain this well, 
but other tools such as https://dmarcian.com/dmarc-inspector/ do.)

I might consider editing that to "fo=0", which means "generates forensic
reports if all underlying authentication mechanisms fail to produce a
DMARC pass result" -- except that, oddly enough, I don't presently 
care whether DMARC is enforced for my domain as long as SPF is.

In theory, _if_ DMARC can be wrestled into relying just on SPF validity,
I might chance altering "p=none" to "r=reject".  Ironically, this
amounts to hoping that DMARC doesn't fux0r SPF, underlining my basic
point that all I want out of anti-forgery extensions, I've already
gotten for 20+ years from SPF, and don't need bloody DMARC, let alone DKIM.

-- 
Cheers,                              "I would unite with anybody to do right,
Rick Moen                            and with nobody to do wrong."
rick at linuxmafia.com                             -- Frederick Douglass
McQ! (4x80)   
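
Added example, not part of the original post: a small Python linter for a DMARC record as `dig +short` prints it, using the tag names and `fo=` definitions from RFC 7489. The names `parse_dmarc` and `summarize` are this example's own, and `POSTED` is the record exactly as it appears in the archived message above.

```python
import re

KNOWN = {"v", "p", "sp", "rua", "ruf", "ri", "fo", "pct", "adkim", "aspf", "rf"}
POLICIES = {"none", "quarantine", "reject"}
FO = {  # failure-report options, RFC 7489 section 6.3
    "0": "all mechanisms failed to produce an aligned pass",
    "1": "any mechanism failed to produce an aligned pass",
    "d": "a DKIM signature failed evaluation",
    "s": "SPF failed evaluation",
}
# Record copied from the post as archived (the archive shows "@" as " at ").
POSTED = (r'"v=DMARC1\; p=none\; sp=none\; rua=mailto:hostmaster at linuxmafia.com\; '
          r'ruf=mailto:hostmaster at linuxmafia.com\; ri=604800\; fo=s\; pct=100"')

def parse_dmarc(dig_line):
    """Parse one line of `dig -t txt _dmarc.<domain> +short`; return (tags, problems)."""
    # dig prints quoted character-strings (joined without a space) and escapes ';'.
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', dig_line)
    text = re.sub(r"\\(.)", r"\1", "".join(chunks) if chunks else dig_line)
    tags, problems = {}, []
    for part in filter(None, (p.strip() for p in text.split(";"))):
        name, _, value = (s.strip() for s in part.partition("="))
        if not tags and (name, value) != ("v", "DMARC1"):
            problems.append("record must start with v=DMARC1")
        if name not in KNOWN:
            problems.append(f"unknown tag {name!r}: receivers ignore it")
        tags[name] = value
    if "p" not in tags:
        problems.append("required tag 'p' is missing")
    for t in ("p", "sp"):
        if t in tags and tags[t] not in POLICIES:
            problems.append(f"{t}={tags[t]} is not none/quarantine/reject")
    for opt in tags.get("fo", "0").split(":"):
        if opt not in FO:
            problems.append(f"fo option {opt!r} is not one of 0/1/d/s")
    pct = tags.get("pct", "100")
    if not (pct.isdigit() and 0 <= int(pct) <= 100):
        problems.append(f"pct={pct} is not an integer 0-100")
    return tags, problems

def summarize(tags):
    """Apply RFC 7489 defaults: sp falls back to p, fo falls back to 0."""
    p = tags.get("p", "none")  # a missing p is reported by parse_dmarc
    return {
        "policy": p,
        "subdomain_policy": tags.get("sp", p),
        "failure_reports_when": [FO.get(o, "?") for o in tags.get("fo", "0").split(":")],
    }
```

Because unknown tags are silently ignored by receivers, a misspelled tag name leaves the record syntactically acceptable but without the intended policy, which is why the linter reports it rather than skipping it.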


