Re: Microsoft O365 labels nanog potential fraud?

[Brad Knowles <brad () shub-internet org>]

On Mar 29, 2017, at 11:06 AM, Leo Bicknell <bicknell () ufp org> wrote:

> While I haven't looked at real mailing list software recently
> (e.g. mailman) when I last did they didn't suport this either and
> it took a pile of 3rd party hacks to make it work.

The latest versions of Mailman (2.1.23 and 3.0.0) both work reasonably well out-of-the-box with SPF, DKIM, and DMARC.  
Some additional configuration tuning might be necessary for additional compatibility.  However, those features are 
still available in an out-of-the-box configuration, they’re just not enabled by default because they might cause more 
problems than they would solve for certain types of typical installations.  So, if you want those features, you need to 
turn them on.

IMO, Mailman3 works better out-of-the-box with SPF, DKIM, and DMARC as compared to Mailman 2.1.x, but that codebase is 
still pretty fresh.  We’re now using it by default for mailing lists hosted on python.org, but we have not yet 
converted any of the older Mailman 2.1.x lists over to Mailman 3.  We haven’t noticed any major problems yet with the 
latest version of Mailman3, but we still want to be careful in our testing.

> For that matter, setting up DKIM is horrendously complicated for 
> no good reason…

Sites like DMARCian help with that process to a degree, but there’s still a lot of complexity there that I would like 
to see handled automatically.

Unfortunately, that’s kind of the nature of the beast right now with these tools.  The technology is still complex and 
difficult to configure, and it’s easy to set things up in a way that you wind up shooting yourself in the foot — and 
possibly with a large thermonuclear device.

No provider is immune to these mistakes, and some providers are more likely to make big mistakes than others.

-- 
Brad Knowles <brad () shub-internet org>