[Mailman-Users] yahoo.com.INVALID as a DMARC defense [was: 2.1.18 internal documentation suggestions]

Stephen J. Turnbull stephen at xemacs.org
Sat May 3 14:43:31 CEST 2014

Andrew Partan writes:

 > Until people figure out real ways of making DMARC work with forwrders
 > & mailing lists (see ietf-822 at ietf.org for one place discussions
 > are going on), I think it useful to have more work-around hacks out
 > there so that people can experiment with them to see which ones
 > more-or-less work in different situations.

That's what they said about Reply-To munging, too.

If people want to implement them themselves and try them out, heck,
I've been wrong before and I'll be wrong again.  But I don't think
*Mailman* should proactively implement RFC violations unless there's a
clear and present danger, and then the violations should try to be

DMARC, since it causes denial of service to third parties, is such a
clear and present danger.  Here I interpret "minimal" to mean "try to
avoid to adding to the set of RFC violations out there."  I know it's
tempting to imply that yahoo.com is an invalid domain, but it's not at
all necessary given that substituting the list-post address is what
Yahoo itself suggests.  The original user is easily replied to via the
Reply-To hack.

[1]  Retroactive implementation, such as "Reply-To munging", may be
appropriate in response to customer demand.

More information about the Mailman-Users mailing list