[Mailman-Users] DMARC and From header munging

Lindsay Haisley fmouse at fmp.com
Thu Apr 17 21:36:44 CEST 2014

On Fri, 2014-04-18 at 03:51 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
>  > Mailman to change the From: address to a VERP-like address with the
>  > author's address encapsulated within an address @ the list server.
>  > Any mail received by the list server for this address would have
>  > its address parsed by Mailman and be redirected to the original
>  > author's real email address.  Would this pass RFC compliance?
> Technically, it probably does.  The problem is that Mailman doesn't
> handle those mails, the MTA does.  It would be reasonably easy to set
> up a filter and have the MTA pass the message to that filter.

We already do this for listname-subscribe, listname-owner,
listname-bounces, etc.  The addition of another similar name extension
should be no problem. 

> It's very ugly, though, especially if for some reason you have no
> display name to work with.

Agreed!  But the display name is free form and strictly informational.
Could this not be the subscriber name of the author, if it's part of the
subscription record?

> A bigger problem, as stated what you've done is to set up an open
> relay.  So you would need to either maintain a database of valid
> addresses forever, or do some crypto trickery so that only valid
> addresses would be forwarded.  The latter would involve key
> management, etc.

This is a good point, so the encapsulated address would have to be
obfuscated in some way.  Crypto wouldn't be difficult.  I've already
hacked AES encryption/decryption into Mailman for generating a
Resent-Message-ID: header containing the recipient address.  I have a
single key in mm_cfg.py and as long as it stays the same then addresses
will translate. But I see your point.  This is putting RFC compliance
out an a very long and thin thread.  If you change the key, your entire
archive of emails becomes theoretically non-compliant, and this is
indeed ugly.

> N.B. I read a very similar suggestion somewhere, probably in the DMARC
> Internet-Draft or in their FAQ.

Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |

More information about the Mailman-Users mailing list