[Mailman-Users] DMARC problems

Mark Sapiro mark at msapiro.net
Fri Jul 15 21:31:47 EDT 2016 

On 07/15/2016 05:22 PM, Richard Johnson wrote:
> This is described as:
> 
>> Action to take when anyone posts to the list from a domain with a
>> DMARC Reject/Quarantine Policy.
> 
> but the problem I'm getting is:
> 
> https://help.yahoo.com/kb/postmaster/SLN7253.html
> 
> which seems to be caused by the "From" address not matching the
> domain name wince the message was sent.


That link discusses mail rejected by Yahoo which may or may not have
anything to do with DMARC. The typical DMARC issue is mail From: a
yahoo.com user is bounced by multiple recipient ISPs including, but not
limited to Yahoo.


> I think in order to satisfy
> this, I need to simply apply "from_is_list"="Munge From".  When I
> apply this along with "reply_goes_to_list"="This list", then the
> original sender's address appears in the "CC" list, which is ok,
> since most people just hit "reply" and not "reply all".  I created a
> test list and played with it, looking at the SMTP interaction to
> verify that yahoo seems to think this is fine.


I think you'll find that setting from_is_list to No and
dmarc_moderation_action to Munge From and possibly also setting
dmarc_quarantine_moderation_action to Yes will also work, but will only
apply the Munge From action to posts From: domains such as yahoo.com
that publish DMARC p=reject policies and optionally domains that publish
p=quarantine.

As far as the original poster's address in Cc: is concerned, we try to
make Munge From result in mail which will be dealt with by MUA reply and
reply all the same as unmunged mail.

Thus, if reply_goes_to_list is Poster, we put the original poster's
address in Reply-To: so with compliant MUAs at least, 'reply' goes to
the OP and 'reply-all' goes to the OP and the list address in To:.

For reply_goes_to_list = This list, we put the OP's address in Cc:
rather than Reply-To: so 'reply' will go to only the list, but 'reply
all' will go to the list and the OP.

In all cases, we want the OP's address somewhere in visible headers.

Here are our goals (from comments in the handler that does this):

# We need to do some things with the original From: if we've munged
# it for DMARC mitigation.  We have goals for this process which are
# not completely compatible, so we do the best we can.  Our goals are:
# 1) as long as the list is not anonymous, the original From: address
#    should be obviously exposed, i.e. not just in a header that MUAs
#    don't display.
# 2) the original From: address should not be in a comment or display
#    name in the new From: because it is claimed that multiple domains
#    in any fields in From: are indicative of spamminess.  This means
#    it should be in Reply-To: or Cc:.
# 3) the behavior of an MUA doing a 'reply' or 'reply all' should be
#    consistent regardless of whether or not the From: is munged.
# Goal 3) implies sometimes the original From: should be in Reply-To:
# and sometimes in Cc:, and even so, this goal won't be achieved in
# all cases with all MUAs.  In cases of conflict, the above ordering of
# goals is priority order.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list