[Mailman-Users] Executive summary of DMARC issues

Stephen J. Turnbull stephen at xemacs.org
Thu May 15 05:47:18 CEST 2014

Peter Shute writes:

 > When MS365 forwards the mails sent to the distribution list, should
 > that make the DMARC authentication fail? I thought that only
 > happened if you made changes like adding a prefix to the subject
 > line like Mailman does.

If it forwards verbatim *and* the sending domain signs the mail with
DKIM (the common case), DMARC validation will succeed.  Without DKIM,
DMARC validation is guaranteed to fail.  However, even in the sender
uses DKIM, *any* change *whatsoever* to the body will cause validation
to fail, and there are several changes to the header that could cause
it to fail.  Furthermore, which parts of the header are protected by
the DKIM signature are determined by the sender, not by DMARC AFAIK.

If distribution lists are pure forwards, MS365 will be OK.  But I find
it hard to believe that that level of functionality is popular with
users -- there's a reason why all popular MLMs implement subject
prefixes, body headers and body footers, and it isn't "because it's
the Microsoft way".

More information about the Mailman-Users mailing list