[Mailman-Users] Ignore DMARC bounces?
bryan.wright at rigaku.com
Mon Jun 16 19:10:05 CEST 2014
Could we not send the message out as usual, then on a p=reject bounce, forward the original message (so it comes from the mailing list) along with an explanation of what is transpiring to the bounced user, plus to the message author? Maybe include a note suggesting the author change mail providers. This way if the message author's domain causes 20 bounces, they get 20 messages letting them know they need to change mail providers.
From: Mailman-Users [mailto:mailman-users-bounces+bryan.wright=rigaku.com at python.org] On Behalf Of Stephen J. Turnbull
Sent: Saturday, June 14, 2014 7:42 AM
Cc: mailman-users at python.org
Subject: Re: [Mailman-Users] Ignore DMARC bounces?
> Modifying the messages bothers me (and a lot of other people, as indicated by the last dozen times similar conversations have been had, about changing Reply-To and From and Subject and ...) and should be the last resort.
Well, actually the point is that lists need to do fewer modifications than they already do. DMARC has two tests, one for the domain in From being equivalent to the IP of the SMTP client, which will fail unless the author is at the mailing list's domain, and a DKIM signature. The signature will survive and be valid at the recipient in the case that the message is completely unmodified.
However, mailing lists typically make one or more of the following modifications: add a list tag to the Subject field, add a header or footer to the body, remove prohibited MIME bodies (.exes, text/html, etc), or transform text/html to text/plain. Any of those will cause the usual DKIM signature to be invalidated. DMARC-using domains typically sign From (required by the DKIM protocol), To, Cc, Subject, and the whole body (effectively including the end of the message, preventing appended material such as a footer).
My personal opinion is that these traditional changes are expected and desired by mailing list subscribers, and that posting from "p=reject" domains is thereby a violation of the policy of the "p=reject" domain, and places other subscribers at risk. I think mailing lists should reject such posts (if the signature is valid), or silently discard them (if it is not).
However, subscribers from those domains are unlikely to agree ....
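The signature breakage described in the quoted message, as an added example that is not part of the original thread: it applies DKIM's relaxed canonicalization (RFC 6376 sections 3.4.2 and 3.4.4) to a message before and after list handling and reports which signed parts no longer match. The addresses, list tag, footer text and the helper name `broken_parts` are constructed for illustration, and the set of signed headers is the one the message names (From, To, Cc, Subject).

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 relaxed body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse whitespace runs to one space and drop whitespace at line ends.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # empty lines at end of body are ignored
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """The bh= value a signer computes (sha256, no l= length limit)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def relaxed_header(name: str, value: str) -> bytes:
    """RFC 6376 section 3.4.2 relaxed header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)          # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()
    return name.lower().encode() + b":" + value.encode() + b"\r\n"

def broken_parts(orig, relayed, signed=("from", "to", "cc", "subject")):
    """List the signed parts whose canonical form changed in transit."""
    broken = [h for h in signed
              if relaxed_header(h, orig["headers"].get(h, ""))
              != relaxed_header(h, relayed["headers"].get(h, ""))]
    if body_hash(orig["body"]) != body_hash(relayed["body"]):
        broken.append("body")
    return broken

# Constructed sample messages (not taken from the thread).
HEADERS = {"from": "author@example.com", "to": "list@example.org",
           "subject": "Ignore  DMARC bounces?"}
ORIGINAL = {"headers": HEADERS, "body": b"Hello list,\r\n\r\nquestion here.  \r\n\r\n"}
# Relay that only normalizes whitespace: the relaxed forms still match.
PASSTHROUGH = {"headers": dict(HEADERS, subject="Ignore DMARC bounces?"),
               "body": b"Hello list,\r\n\r\nquestion here.\r\n"}
# Typical list handling: Subject tag and appended footer.
TAGGED = {"headers": dict(HEADERS, subject="[Example-List] Ignore DMARC bounces?"),
          "body": ORIGINAL["body"]}
FOOTER = {"headers": HEADERS,
          "body": ORIGINAL["body"] + b"-- \r\nExample-List mailing list\r\n"}

if __name__ == "__main__":
    for name, msg in [("passthrough", PASSTHROUGH), ("tagged", TAGGED), ("footer", FOOTER)]:
        print(name, broken_parts(ORIGINAL, msg))
```

A real verifier hashes the canonical headers together with the DKIM-Signature field and checks the result against the signer's public key; comparing canonical forms, as done here, is enough to tell whether that check can still succeed.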