[Mailman-Developers] Fixing DMARC problems with .invalid munge

Barry Warsaw barry at list.org
Wed May 7 04:15:24 CEST 2014


On May 04, 2014, at 01:26 PM, John Levine wrote:

>I realize I'm a bit late to this party, but this is a technique that I
>don't think has been addressed here.  On my lists I've fixed the DMARC
>bounces by rewriting From: lines of DMARC'ed domains like this on the
>way out:
>
>  From: Marissa <mmeyer at yahoo.com>
>
>to
>
>  From: Marissa <mmeyer at yahoo.com.invalid>

I have some sympathy for this approach, as I mentioned over in mailman-users.
It violates RFCs so I'm not sure Mailman should adopt it, but it's worth
experimenting with, and I'm glad you (John) are doing so, and providing
feedback here.

I'm not personally concerned about the effects of .invalid on phishing, since
I largely agree with John's later statement that there are plenty of "pretty
close" domains you can stick in the From header that will fool most
non-technical users.  Heck, I see dozens per day and some are clever enough to
even fool me before close inspection reveals the subterfuge.  Add to that, as
others have observed, that many MUAs don't even display the actual email
address.

Of course, adding .invalid doesn't really solve the problem, and I'm quite
uncomfortable with overloading even more operations onto Reply-To.  As seen on
mailman-users, the interactions with the various options are a mess, difficult
to get right, fragile, and difficult to understand all the implications.

Message wrapping is the safest but equally unsatisfying.  It's pretty clear to
me that there are *no* good solutions today to DMARC's effect on mailing lists,
only less bad ones.

-Barry
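
The From: rewrite John describes above, as an added example that is not part of the original message or Mailman's own code. The `DMARC_REJECT_DOMAINS` table, the function names and the sample message are constructed for illustration, and treating subdomains like the listed domain is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr, formataddr

# Constructed table: domains assumed to publish a DMARC p=reject policy.
# A real deployment would consult the domain's _dmarc TXT record instead.
DMARC_REJECT_DOMAINS = {"yahoo.com"}


def needs_munge(domain):
    """True if domain, or a parent of it, is in the p=reject table."""
    domain = domain.lower().rstrip(".")
    if domain.endswith(".invalid"):
        return False  # already munged; keeps the rewrite idempotent
    return any(domain == d or domain.endswith("." + d)
               for d in DMARC_REJECT_DOMAINS)


def munge_from(msg):
    """Append .invalid to the From: domain of a DMARC'ed sender.

    Keeps the display name and header position; returns True if rewritten.
    """
    name, addr = parseaddr(msg.get("From", ""))
    local, sep, domain = addr.rpartition("@")
    if not sep or not needs_munge(domain):
        return False
    msg.replace_header("From", formataddr((name, f"{local}@{domain}.invalid")))
    return True


# Constructed sample message
SAMPLE = """\
From: Marissa <mmeyer@yahoo.com>
To: list@example.org
Subject: hello

body
"""

if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    print(munge_from(m), m["From"])
```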

