Microsoft O365 labels nanog potential fraud?

Brad Knowles brad at
Wed Mar 29 17:54:07 UTC 2017

On Mar 29, 2017, at 11:06 AM, Leo Bicknell <bicknell at> wrote:

> While I haven't looked at real mailing list software recently
> (e.g. mailman) when I last did they didn't suport this either and
> it took a pile of 3rd party hacks to make it work.

The latest versions of Mailman (2.1.23 and 3.0.0) both work reasonably well out-of-the-box with SPF, DKIM, and DMARC.  Some additional configuration tuning might be necessary for additional compatibility.  However, those features are still available in an out-of-the-box configuration, they’re just not enabled by default because they might cause more problems than they would solve for certain types of typical installations.  So, if you want those features, you need to turn them on.

IMO, Mailman3 works better out-of-the-box with SPF, DKIM, and DMARC as compared to Mailman 2.1.x, but that codebase is still pretty fresh.  We’re now using it by default for mailing lists hosted on, but we have not yet converted any of the older Mailman 2.1.x lists over to Mailman 3.  We haven’t noticed any major problems yet with the latest version of Mailman3, but we still want to be careful in our testing.

> For that matter, setting up DKIM is horrendously complicated for 
> no good reason…

Sites like DMARCian help with that process to a degree, but there’s still a lot of complexity there that I would like to see handled automatically.

Unfortunately, that’s kind of the nature of the beast right now with these tools.  The technology is still complex and difficult to configure, and it’s easy to set things up in a way that you wind up shooting yourself in the foot — and possibly with a large thermonuclear device.

No provider is immune to these mistakes, and some providers are more likely to make big mistakes than others.

Brad Knowles <brad at>

More information about the NANOG mailing list