[Mailman-Users] Customize "From" when munging it for DMARC?

Mark Sapiro mark at msapiro.net
Fri Aug 4 17:32:07 EDT 2017 

On 08/04/2017 01:35 PM, Jordan Brown wrote:
> On 8/4/2017 12:51 PM, Mark Sapiro wrote:
>> I'm aware of issues with Microsoft services adding 'spoofing' warnings
>> to messages where the From: address and the To: address are the same.
>> Is this what you were referring to by "Setting it to the list name
>> interacts badly with outloook.com and hotmail.com replies." in your
>> OP. If not that, then what?
> 
> I haven't investigated deeply, but with an original message like:


Thanks for the info.


>     Return-Path: <list1-bounces at listdomain.org>
>     Return-path: <list1-bounces at listdomain.org>
>     Date: Wed, 2 Aug 2017 19:44:35 +0000 (UTC)
>     To: list2 <list2 at listdomain.org>, 
>     	list1 <list1 at listdomain.org>
>     Subject: [list1] ...
>     X-BeenThere: list1 at listdomain.org
>     X-Mailman-Version: 2.1.23
>     Precedence: list
>     List-Id: "list1" <list1.listdomain.org>
>     List-Unsubscribe: <http://listdomain.org/mailman/options/list1_listdomain.org>, 
>     	<mailto:list1-request at listdomain.org?subject=unsubscribe>
>     List-Post: <mailto:list1 at listdomain.org>
>     List-Help: <mailto:list1-request at listdomain.org?subject=help>
>     List-Subscribe: <http://listdomain.org/mailman/listinfo/list1_listdomain.org>,
>     	<mailto:list1-request at listdomain.org?subject=subscribe>
>     From: Jane User via list1 <list1 at listdomain.org>
>     Reply-To: Jane User <jane at example.net>
>     Errors-To: list1-bounces at listdomain.org
>     Sender: "list1" <list1-bounces at listdomain.org>
> 
> Two of my users (on outlook.com and hotmail.com) ended up with
> reply-to-all results that were addressed to Joe User and list2, but not
> to list1 at all.  ...

> My theory is that MS is (wrongly) dropping the "To" copy of list1 from
> the reply because it's the From, and then (correctly) using the Reply-To
> instead of the From.


It looks to me as if your theory is correct, except I wouldn't say
"wrongly". I think an MUA is arguably doing the right thing by
overriding the From: address with the Reply-To: address on a reply-all
even though the From: address is also in To:.

I agree that this is an issue because without From: munging the message
would be From: Jane User <jane at example.net> and presumably reply-all
would go to Jane and both lists in To:.

Here's what I say in the code

>     # MAS: We need to do some things with the original From: if we've munged
>     # it for DMARC mitigation.  We have goals for this process which are
>     # not completely compatible, so we do the best we can.  Our goals are:
>     # 1) as long as the list is not anonymous, the original From: address
>     #    should be obviously exposed, i.e. not just in a header that MUAs
>     #    don't display.
>     # 2) the original From: address should not be in a comment or display
>     #    name in the new From: because it is claimed that multiple domains
>     #    in any fields in From: are indicative of spamminess.  This means
>     #    it should be in Reply-To: or Cc:.
>     # 3) the behavior of an MUA doing a 'reply' or 'reply all' should be
>     #    consistent regardless of whether or not the From: is munged.
>     # Goal 3) implies sometimes the original From: should be in Reply-To:
>     # and sometimes in Cc:, and even so, this goal won't be achieved in
>     # all cases with all MUAs.  In cases of conflict, the above ordering of
>     # goals is priority order.

Clearly in this case with these MUAs we don't meet Goal 3) and this
falls into "even so, this goal won't be achieved in all cases with all
MUAs."

I think it might be possible to munge the address to
no_reply at example.com instead of listname at example.com in all cases of
From: munging. I have to consider all the possible consequences of this,
or as many as I can think of, before actually doing it.

One issue that comes to mind immediately is when the original From: goes
in Cc:. This is when the Reply-To: is munged to be the list address and
is done so that "reply" goes only to the list and "reply-all" includes
the original From:. In this case, "reply-all" may (arguably wrongly, but
still ...) include the no_reply address which is bad.

I'm inclined to leave it as is for now, but I'll continue to think about it.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list