[Mailman-Users] DMARC and Gmail

[Stephen J. Turnbull]

Alain Williams writes:

 > They should have allowed/defined a new 2xy code that could be
 > returned, eg 253 which means ''Mail accepted but will be
 > discarded''.

That's problematic.  It would require an extension negotiated via EHLO
at least, and maybe a new SMTP RFC, since there's no registry for
extensions to the SMTP reply codes.  It might not be harmful, since
most modern MTAs are 2821-conforming, and so must interpret 253 as a
"2yz success" == 250, even if they don't understand 253 specifically.
I note that RFC 821, the current standard, does *not* have this
requirement, though.  Still, it could work, I guess, since DMARC
policies are outside-of-RFC agreements anyway.

 > However: it still means that some people on mail lists occasionally
 > don't get stuff - this will cause confusion at best or could be
 > dangerous (if the mail list has a critical function).

Sure, but that's the tradeoff that DMARC explicitly makes.  DMARC
thinks that rejecting spam and phishing is sometimes more important
than delivering legitimate mail, and that the provider of a mailbox is
the appropriate entity to make that decision.

It's not limited to mailing lists, either.  Anybody who has a
forwarding mailbox is at some risk (in a personal .forward this is a
simple pass-through preserving the DKIM signature so it should be OK,
but I've seen commercial forwarders who add junk in the footer), and
it breaks the common patterns where a website allows you to request a
mail to a friend or an email service provider allows you to use
different From addresses (all of my mail from my @xemacs.org address
is sent from a different domain, and of the large webmail providers at
least Gmail provides this feature, and I use it occasionally).