What DMARC mitigations are applied an under what circumstances are list configuration settings. The Munge From mitigation was introduced in Mailman 2.1.16 but in that version could only be applied to all list posts. This is controlled by the from_is_list setting. Beginning with Mailman 2.1.18 there is also a dmarc_moderation_action setting that can apply Munge From only to posts which are From: a domain that publishes DMARC p=reject and optionally also From: a domain that publishes DMARC p=quarantine (controlled by dmarc_quarantine_moderation_action). Beginning with Mailman 2.1.21 there is a dmarc_none_moderation_action setting that can apply DMARC mitigations to posts From: a domain that publishes DMARC p=none. So if a list owner sets the list roster to be available to the admin only and is concerned about this potential membership leak, there are ways to apply DMARC mitigations to all posts or to posts From: a domain that publishes any DMARC policy including none. Also see https://bugs.launchpad.net/mailman/+bug/1539384 which prompted the ability to apply DMARC mitigations to posts From: a domain that publishes DMARC p=none. ** Changed in: mailman Status: New => Invalid -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1632036 Title: Munging report-only DMARC To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1632036/+subscriptions