[Mailman-Developers] Fixing DMARC problems with .invalid munge

[John Levine]

>>   From: Marissa <mmeyer at yahoo.com.invalid>

>Our concerns are the possibility of mail being rejected by recipient
>MTAs because of the invalid From: address and user complaints about
>difficulty in replying to the poster.

Those are exactly the things I was worried about, too.

I've seen no rejections at all due to the address.  In an earlier
iteration I tried using a null group address like this, which got
rejected all over the place:

  From: "Marissa <mmeyer at yahoo.com>" :;

(That is legal syntax since March 2013 per RFC 6854, but few MTAs have
been updated to take note, and anything that does DMARC processing
tends to freak out if there is not exactly one From: address.)

The .invalid hack seems fine, no bounces, and no complaints about
disappearing mail.  There are mutant versions of this hack where you
append a name with a wildcard that resolves but has an MTA that
rejects all the mail, and a really evil one where you append a name
that points to a server that rewrites the address and remails it, e.g.
mmeyer at yahoo.com.remail.lists.org -> mmeyer at yahoo.com.

For replies, I expected complaints, since I'm using it on some busy
lists for my church where people complain about every little burp, but
to my surprise I've gotten none.  I think one reason is that you can
still use an unmunged Reply-To, which a lot of users do, and the other
is that it's pretty obvious what to do to get the address to work,
unlike trying to guess the author's address if the From: is the list.

Something I have considered but not implemented is to add a fake Cc:
line with the unmunged address so reply-to-all will work.  It's not
clear whether that would be more confusing than useful.

Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.