[Mailman-Developers] Adding DMARC support for Mailman 3

Franck Martin franck at peachymango.org
Sun Jul 7 04:00:15 CEST 2013


Greetings,

Patrick asked me to introduce a bit why DMARC and mailman.

In one year DMARC has gained good support (60% of worldwide mailboxes are protected with DMARC http://www.dmarc.org/news/press_release_20130206.html), but like others I'm worried about the long tail. This is the reason some of the people working with DMARC.org have been sponsoring the openDMARC implementation to make it available on a large set of mail servers (cf http://www.trusteddomain.org/opendmarc/ for a list of sponsors). Some openDMARC packages are now available and I expect to see them as part of GNU/Linux distros anytime soon. 

Similarly, I'm interested to offer the option to list administrators to transition to a behavior that makes the lists safe/working/compatible with DMARC. As Patrick explained, there are about 3 possibilities. While I'm interested more in some than others (I personally experimented with the patch to mailman 2.1), it is only fair to offer the 3 options and let the list administrator choose the one more suitable for his/her needs. Once Patrick has a better understanding of how to best implement these 3 options, it will be easy, like for openDMARC, to sponsor the work to make it part of mailman3. I know that several DMARC.org members have shown interest to do so.

In another year, with the help of the mailman community, we can progress more in the fight against fake emails. While this may sound like a sales pitch, there has not been so much excitement in email for a long time.

Franck Martin
https://www.linkedin.com/in/franckmartin

----- Original Message -----
From: "Patrick Ben Koetter" <p at sys4.de>
To: "Mailman Developers" <Mailman-Developers at python.org>
Sent: Monday, July 1, 2013 3:44:15 PM
Subject: [Mailman-Developers] Adding DMARC support for Mailman 3

Greetings,

I am writing on behalf of a group of companies and single persons, who would
like to see a limited feature set of the DMARC¹ standard supported by Mailman
3.

Since I know we're all eager to get MM3 out as soon as possible and any
additional new feature request stands against that, I've contacted Barry offlist
and asked if he'd agree that the companies involved pay us, sys4², to implement
the feature. He did and we also agreed to dedicate a significant part of the
payment to mailman's FSF donation account.

Before we take out to write code, I would like to ask mailman-developers how it
should be done to fit best into Mailman's architecture. Here are the DMARC
features that should go into Mailman 3:

- don't allow email that comes from a domain with a DMARC record of p=reject
- take ownership of the email and send it with a From: using the
  domain of the mailing list. (There's a patch for this for Mailman 2.1, which
  might be helpful for Mailman 3.)
- find the authentication-results header and rewrite it as an
  Original-Authentication-header:
  http://tools.ietf.org/html/draft-kucherawy-original-authres-00.html

Speaking of an RFC written by Murray Kucherawy. I've contacted Murray in
advance and asked him to assist in case we had any questions regarding his
RFC(s). He subscribed and is ready to help.

I hope I was able to bring all parties required together to make a Mailman
DMARC implementation come true and I am curious to hear what you have to say.

p at rick
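
The three options listed in Patrick's message, as an added Python example (not code from this thread, from the Mailman 2.1 patch, or from Mailman 3). The action names, sample record and sample message are constructed, the Reply-To handling is an assumption, the field name Original-Authentication-Results is taken from the title of the linked draft, and the DMARC TXT record is passed in as a string rather than looked up in DNS.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample inputs (not from the original thread).
LIST_ADDRESS = "list@lists.example.org"
REJECT_RECORD = "v=DMARC1; p=reject; rua=mailto:reports@example.com"
SAMPLE = (
    "From: Alice <alice@example.com>\n"
    "To: list@lists.example.org\n"
    "Authentication-Results: mx.lists.example.org; dkim=pass header.d=example.com\n"
    "Subject: hello\n\nbody\n"
)

def dmarc_policy(txt_record):
    """Return the p= value of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt_record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None

def mitigate(msg, txt_record, action, list_address=LIST_ADDRESS):
    """Apply the action chosen by the list admin; return 'accept' or 'reject'."""
    if dmarc_policy(txt_record) != "reject":
        return "accept"  # author domain does not publish p=reject
    if action == "reject":
        return "reject"  # option 1: refuse the post
    if action == "munge_from":  # option 2: the list takes ownership of From:
        name, addr = parseaddr(msg["From"])
        del msg["From"]
        msg["From"] = formataddr((f"{name or addr} via list", list_address))
        # Assumption of this example: keep the author reachable via Reply-To.
        del msg["Reply-To"]
        msg["Reply-To"] = formataddr((name, addr))
    elif action == "rename_authres":  # option 3: preserve upstream results
        results = msg.get_all("Authentication-Results", [])
        del msg["Authentication-Results"]
        for value in results:
            msg["Original-Authentication-Results"] = value
    else:
        raise ValueError(f"unknown action: {action}")
    return "accept"

if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    print(mitigate(m, REJECT_RECORD, "munge_from"), m["From"])
```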


