[Mailman-Users] AOL screening Reply-To header thru DMARC ?

Mark Sapiro mark at msapiro.net
Sat Oct 18 21:13:20 CEST 2014

On 10/18/2014 11:26 AM, John Levine wrote:
>> I have a somewhat different issue. I am using dmarc_moderation_action =
>> Munge From, and when an AOL user posts to the list, the list message
>> sent back to the user bounces with "521 5.2.1 :  AOL will not accept
>> delivery of this message. (in reply to end of DATA command))". The same
>> messages sent to other AOL users are accepted by AOL.
> If you're munging with .INVALID or the like, I have observed that AOL and
> some other ISPs now refuse mail if the From: domain doesn't resolve.
> I've changed my hack so it now append a suffix that does resolve (I snagged
> dmarc.fail) and overimplemented it so the munged addresses actually work.

No, I don't munge with .invalid or the like. In these cases,
dmarc_moderation_action replaces the From: address with the list's
posting address and adds the original From: address to Reply-To: if it
isn't there already.

These messages are then sent individually (VERPed) to the list members
and DKIM signed on the way out by the list's domain. AOL accepts the
message on behalf of every AOL recipient except the original poster. As
far as I can see, the only thing in the message that can tie it to the
original poster are the Reply-To: and Message-ID headers.

One possibility is that AOL is doing what Google does and not accepting
a message which duplicates (by message id) one you sent, but being more
open about it and actually refusing the message rather than acceptiong
and discarding it.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list