[BALUG-Admin] DMARC mitigation: already enabled (good!)

Rick Moen rick@linuxmafia.com
Mon Jul 25 23:22:59 UTC 2022

Upthread, I urged upgrading GNU Mailman so we got the ability to do a
tailored DMARC mitigation aimed at just the asshat sending domains with
p=reject or p=quarantine "strong" DMARC policies.  It was late, I was
tired, and I just assumed our version of Mailman (2.1.29) is too old for
that feature, because there have a number of 2.1.x bugfix versions since


includes the desired

  Action to take when anyone posts to the list from a domain with a
  DMARC Reject/Quarantine Policy.

...setting, and the desired option "Munge From" is already selected.

Accompanying item

  Shall the above dmarc_moderation_action apply to messages From:
  domains with DMARC p=quarantine as well as p=reject

...is likewise present and set to "yes" as desired.

I have verified this is true of the other three balug-* lists, too.

So, DMARC damage _is_ being handled as well as MLM software can.

It still might be a good idea to look into what later packaged 2.1.x
are available and feasible for this Debian release.  I haven't checked
the changelog, but worry that we're missing security bugfixes.

More information about the BALUG-Admin mailing list