DMARC and the RIPE NCC

Adam Castle — 22 Oct 2017
At the RIPE NCC, we run over 100 mailing lists for RIPE NCC members and the RIPE Community. We have been monitoring the DMARC situation very closely to make sure we provide the best solution to our users and the community.

Last year we were notified on the RIPE Database Working Group Mailing List that some users weren’t receiving emails. The reason was that a reasonable number of Yahoo users are subscribed to the mailing list, and the Yahoo email service has DMARC enabled. Many corporate email addresses will also be affected by this, including google.com but not Gmail (currently).

To get around this issue, we implemented a fix that was suggested by one of the list members. The fix was only implemented on the RIPE Database Working Group Mailing List so that no user would miss out on any discussion. Unfortunately, this created some visual issues for some users, depending on which email client was being used. Recently we have changed the DMARC policy on the Database Working Group Mailing List to resolve the client rendering issue.

The Next Steps

One step we took early on was to inform the RIPE Working Group chairs of the issue, as it might well have affected their RIPE Mailing Lists. Currently we have around 500 AOL and Yahoo accounts that might have been affected by DMARC.

We've also been looking into various options available on our infrastructure. Since we're running a CentOS 7 server for our Mailman 2 installation, the most up-to-date package we can get is Mailman 2.1.24. Whilst this package does have some DMARC solutions, they all involve munging the mail or replacing header content, which would affect all users.

In the meantime, we contacted John Levine, an IETF email guru, to get advice on what we have done and whether we have missed any steps. We are now actively working with John to get a working solution for our applications, with the goal of coming up with something that we can pass back to the community for use by others who find themselves in a similar situation.

If this solution isn’t available in a suitable time, we will manually patch our Mailman instances to Mailman 2.1.24 so that we can provide the best current DMARC features to our mailing list subscribers.

Ideally, we would like to upgrade our Mailman applications to Mailman 3, but unfortunately there are currently no easy upgrade options from Mailman 2 to Mailman 3. Mailman 3.2, which is currently not production ready, does have an upgrade option which is workable for our mailing lists. Mailman 3.2 will also have more DMARC features, such as header changes that apply only to DMARC users, based on a DNS lookup. So, given all this, plus the fact that Mailman 2 is not being actively supported anymore, we will be migrating to Mailman 3.2 in the future.
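
The idea of changing headers only for DMARC users, based on a DNS lookup, can be sketched as follows. This is an added example, not RIPE NCC's or Mailman's code: the stand-in resolver, the sample TXT records, the addresses and the function names are all constructed for illustration, and the organizational-domain fallback of real DMARC policy discovery is left out.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

# Constructed sample DNS data: TXT records published at _dmarc.<domain>.
SAMPLE_TXT = {
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:agg@strict.example"],
    "_dmarc.relaxed.example": ["v=DMARC1; p=none"],
    "_dmarc.spf-only.example": ["v=spf1 -all"],  # TXT exists but is not DMARC
}

def lookup_txt(name):
    """Stand-in resolver (assumption); a deployment would query DNS here."""
    return SAMPLE_TXT.get(name.lower(), [])

def dmarc_policy(domain, resolver=lookup_txt):
    """Return the published p= value for domain, or None if no DMARC record."""
    for txt in resolver("_dmarc." + domain):
        tags = {}
        for part in txt.split(";"):
            if "=" in part:
                key, value = part.split("=", 1)
                tags[key.strip().lower()] = value.strip()
        if tags.get("v") == "DMARC1" and "p" in tags:
            return tags["p"].lower()
    return None

def prepare_for_list(msg, list_addr, resolver=lookup_txt):
    """Rewrite From only when the author's domain policy would break delivery.

    Returns True if the message was changed, False if it was left as sent.
    """
    original = str(msg["From"])
    name, addr = parseaddr(original)
    domain = addr.rpartition("@")[2]
    if dmarc_policy(domain, resolver) not in ("reject", "quarantine"):
        return False  # everyone else keeps unmodified headers
    del msg["From"]  # From may appear only once
    msg["From"] = formataddr((f"{name or addr} via list", list_addr))
    if "Reply-To" not in msg:
        msg["Reply-To"] = original  # replies still reach the author
    return True
```
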
