[tor-bugs] #12821 [TorBirdy]: using torbirdy + thunderbird: domains emailing with dmarc
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 5 14:44:28 UTC 2015
#12821: using torbirdy + thunderbird: domains emailing with dmarc
-------------------------+-------------------------------------------------
Reporter: | Owner: ioerror
cypherpunks | Status: new
Type: project | Milestone:
Priority: normal | Version: Tor: unspecified
Component: | Keywords: torbirdy, thunderbird, dmarc, dkim,
TorBirdy | adsp, spf, email
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by leeroy):
If you use DMARC with a domain using SPF it shouldn't be a surprise you
get consistent failures as SPF is ip based. Unless you've authorized the
ip of the exit used for the mail server communications it'll fail because
SPF must know that ip in advance. Even if you update your SPF records to
include exits it takes time to distribute the changes. DMARC compliance
requires either DKIM or SPF+DKIM be used. It definitely sounds like the
root of DMARC failure reports is your use of SPF on Tor.
As to whether the reporting is privacy invasive--it's no more invasive
than using DKIM or SPF without DMARC. They're all DNS based. The goal is
to improve deliverability. In the least DMARC compliance requires records
for DKIM so no matter what the receiving mail server is going perform a
DNS lookup.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12821#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list