[Mailman-Users] DMARC handler

Ron Guerin ron at vnetworx.net
Mon Jun 23 22:44:28 CEST 2014


On 6/21/2014 8:24 PM, Mark Sapiro wrote:
> On 06/21/2014 04:04 PM, Ron Guerin wrote:
>> I'm struggling to find a palatable solution to the configuration of a
>> list, and the new Yahoo-style DMARC problem.
>>
>> The list has mung on, as well as Reply-To: set to the list.  The end
>> result is nowhere does the original sender's address appear in the
>> messages, when having them readily visible is the desired behavior.
> 
> 
> In Mailman 2.1.18-1, the poster's address will also be in Reply-To: with
> Reply-To: set to the list. In Mailman 2.1.16 and 2.1.17, this wasn't the
> case (I think only if first_strip_reply_to was Yes).
> 
> 
>> I was wondering about asking someone to make a Mailman handler that
>> would re-write the From: address after munging to:
>>
>> 	Jane Doe (jane at example.com) via listname <list at example.net>
>>
>> My question now is, is there any reason why re-writing it this way would
>> be a bad idea?
> 
> 
> Yes. According to
> <http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html>:
> 
> The inclusion of more than one domain in the RFC5322.From field is
> dangerous.  Recent studies by two major senders show that ~95% of all
> cases in which there is one domain in the RFC5322.From "display name"
> and different domain in the RFC5322.From "address-spec" are fraudulent.
>  This practice should be discouraged as there are efforts underway to
> increase "spam scores" within inbound filtering when this is detected.

I've been absorbing a lot of input about this and while the part of me
that just wants to get things done still likes the idea of putting the
address into the comment field, I'm finding the argument persuasive that
as soon as people /expect/ to find a valid address in the comment field,
the cold clammy hands of DMARC will choke that off too.  I don't find
the argument /valid/ mind you, as the comment field is the comment
field, and no MUA (save ones with a very specific bug) are ever going to
treat it as anything but a comment, but I completely believe that
anything that reduces the pain of DMARC will eventually run afoul of DMARC.

Now you tell me that it's actually a useful indicator of spamminess.
That feels like the last nail in the coffin.

> But, on the other hand, that's exactly what Yahoo Groups is doing, so
> take your pick.
> 
> If having the poster's address in Reply-To: would be satisfactory, try
> setting first_strip_reply_to to No.

That may be the least objectionable solution that's still
"DMARC-friendly", but then I'm probably annoying subscribers who aren't
using DMARC to reject mail their users asked for.

> Changing CookHeaders to munge the from as you suggest is a very simple
> patch. I have attached a 2.1.16/17 version. Note that even with this
> patch, the bug at <https://bugs.launchpad.net/mailman/+bug/1304511> is
> not completely fixed. Also note John's objection won't apply as this
> will be formatted as
> 
>   "Jane Doe <jane at example.com> via listname" <list at example.net>

I had it in my mind before he mentioned it that I'd have to look into
what triggers quoting of the comment field, but his input reassures me
that it's not likely to cause other problems from a technical
standpoint.  From a social standpoint though, it seems to be an idea
living on borrowed time.

I would really like to do, as someone said earlier, just say "Friends
don't let Friends use Yahoo or AOL Mail."  But count me in with those
expecting Gmail to be next.  That's nearly half the subscribers of the
list I've been asking in regard to.

And thanks for sending code again, you're the best!

- Ron
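
The signal described in the quoted dmarc.org text (one domain in the From: display name, a different one in the address-spec), written as a minimal inbound check. This is an added example, not part of the original message or of Mailman's code; the function names and sample headers are constructed, and comparing only the last two domain labels is a simplifying assumption (a real filter would use the Public Suffix List).

```python
import re
from email.utils import parseaddr

# Loose pattern for an e-mail address embedded in a display name or comment.
_EMBEDDED = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def org_domain(domain):
    """Assumption: approximate the organizational domain by the last two labels."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def display_name_mismatch(from_header):
    """Return (display_domain, addr_domain) when the display name or comment
    carries an address whose domain differs from the address-spec domain,
    otherwise None."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return None  # unparseable or empty From: is a separate problem
    addr_domain = addr.rsplit("@", 1)[1].lower()
    for match in _EMBEDDED.finditer(name):
        shown = match.group(1).lower()
        if org_domain(shown) != org_domain(addr_domain):
            return (shown, addr_domain)
    return None


# Constructed sample headers modelled on the two rewrites discussed above.
SAMPLES = [
    '"Jane Doe <jane@example.com> via listname" <list@example.net>',
    'Jane Doe (jane@example.com) via listname <list@example.net>',
    'Jane Doe via listname <list@example.net>',
    'Jane Doe <jane@example.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", display_name_mismatch(header))
```

Both rewrites that put the poster's address in the display name or comment are flagged, which is the filtering behaviour the dmarc.org text anticipates; the "via listname" form without an address is not.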