Patrick asked me to introduce a bit why DMARC and mailman.
In one year DMARC has gained good support (60% of worldwide mailboxes are protected with DMARC http://www.dmarc.org/news/press_release_20130206.html), but like others I'm worried about the long tail. This is the reason some of the people working with DMARC.org have been sponsoring the openDMARC implementation to make it available on a large set of mail servers (cf http://www.trusteddomain.org/opendmarc/ for a list of sponsors). Some openDMARC packages are now available and I expect to see them as part of GNU/Linux distros anytime soon.
Similarly, I'm interested to offer the option to list administrators to transition to a behavior that makes the lists safe/working/compatible with DMARC. As Patrick explained, there are about 3 possibilities, while I'm interested more in some than others (I personally experimented with the patch to mailman 2.1), it is only fair to offer the 3 options and let the list administrator choose the one more suitable for his/her needs. Once Patrick has a better understanding on how to best implement these 3 options, it will be easy, like for openDMARC, to sponsor the work to make it as part of mailman3. I know that several DMARC.org members have shown interest to do so.
In an other year, with the help of the mailman community, we can progress more in the fight against fake emails. While this may sound like a sales pitch, there has not been so much excitement in email for a long time.
Franck Martin https://www.linkedin.com/in/franckmartin
----- Original Message ----- From: "Patrick Ben Koetter" email@example.com To: "Mailman Developers" Mailman-Developers@python.org Sent: Monday, July 1, 2013 3:44:15 PM Subject: [Mailman-Developers] Adding DMARC support for Mailman 3
I am writing on behalf of a group of companies and single persons, who would like to see a limited feature set of the DMARC¹ standard supported by Mailman 3.
Since I know we're all eager to get MM3 out as soon as possible and any additional new feature request stands against that I've contacted Barry offlist and asked if he'd agree that the companies involved pay us, sys4², to implement the feature. He did and we also agreed to dedicate a significant part of the payment to mailman's FSF donation account.
Before we take out to write code, I would like to ask mailman-developers how it should be done to fit best into Mailman's architecture. Here are the DMARC features that should go into Mailman 3:
- don't allow email that comes from a domain with a DMRAC record of p=reject
- take ownership of the email and send it with a From: using the domain of the mailing list. (There's a patch for this for Mailman 2.1, which might might be helpful for Mailman 3.)
- find the authentication-results header and rewrite it as an Original-Authentication-header: http://tools.ietf.org/html/draft-kucherawy-original-authres-00.html
Speaking of an RFC written by Murray Kucherawy. I've contacted Murray in advance and asked him to assist in case we had any questions regarding his RFC(s). He subscribed and ready to help.
I hope I was able to bring all parties required together to make a Mailman DMARC implementation come true and I am curious to hear what you have to say.