[Mailman-Users] DMARC mitigation - was: Templates
Mark Sapiro
mark at msapiro.net
Sat Apr 4 19:38:21 CEST 2015
On 04/04/2015 09:59 AM, Laura Creighton wrote:
>
> ps -- anybody know why all mail I see from people on yahoo.com (including JB
> here) arrives to me as from yahoo.com.dmarc.invalid.
>
> It very much seems to be a python.org thing, but, ah, why is python.org
> seeing fit to add this stuff?
It's DMARC mitigation. Mailman has features for this, but on this list
at least they are turned off. See <http://wiki.list.org/DEV/DMARC> for
something about DMARC in general and Mailman's mitigation features.
The problem is yahoo.com, aol.com and a few other domains publish DMARC
policies of 'reject'. For our purposes, this means that a message with a
From: address in one of those domains that is not validly DKIM signed by
that domain will be rejected by a lot of ISPs. List transformations will
break the incoming DKIM sig so the only way to get such a message
accepted by many large ISPs is to munge the From: domain in some way.
See the archives of this list from last April at
<https://mail.python.org/pipermail/mailman-users/2014-April/> for much
discussion of this.
Mailman's From: address munging will replace, e.g.
From: Mark <mark_sapiro at yahoo.com>
with, e.g.
From: Mark via Mailman-Users <mailman-users at python.org>
and add the original From: to Reply-To:, but that doesn't happen with
python.org mailing lists because the incoming MTA at mail.python.org
deals with this differently by just appending .dmarc.invalid to From:
addresses @yahoo.com, @aol.com and a couple of other domains.
Some people think this approach is less disruptive than Mailman's way -
i.e. users when replying are astute enough to just remove the
.dmarc.invalid, or if not, maybe they'll figure it out after seeing the
bounce DSN.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list