[Mailman-Users] DMARC mitigation - was: Templates

Mark Sapiro mark at msapiro.net
Sat Apr 4 19:38:21 CEST 2015


On 04/04/2015 09:59 AM, Laura Creighton wrote:
> 
> ps -- anybody know why all mail I see from people on yahoo.com (including JB
> here) arrives to me as from yahoo.com.dmarc.invalid.
> 
> It very much seems to be a python.org thing, but, ah, why is python.org
> seeing fit to add this stuff?


It's DMARC mitigation. Mailman has features for this, but on this list
at least they are turned off. See <http://wiki.list.org/DEV/DMARC> for
something about DMARC in general and Mailman's mitigation features.

The problem is yahoo.com, aol.com and a few other domains publish DMARC
policies of 'reject'. For our purposes, this means that a message with a
From: address in one of those domains that is not validly DKIM signed by
that domain will be rejected by a lot of ISPs. List transformations will
break the incoming DKIM sig so the only way to get such a message
accepted by many large ISPs is to munge the From: domain in some way.

See the archives of this list from last April at
<https://mail.python.org/pipermail/mailman-users/2014-April/> for much
discussion of this.

Mailman's From: address munging will replace, e.g.

From: Mark <mark_sapiro at yahoo.com>

with, e.g.

From: Mark via Mailman-Users <mailman-users at python.org>

and add the original From: to Reply-To:, but that doesn't happen with
python.org mailing lists because the incoming MTA at mail.python.org
deals with this differently by just appending .dmarc.invalid to From:
addresses @yahoo.com, @aol.com and a couple of other domains.

Some people think this approach is less disruptive than Mailman's way -
i.e. users when replying are astute enough to just remove the
.dmarc.invalid, or if not, maybe they'll figure it out after seeing the
bounce DSN.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
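
The two mitigations described in this message, sketched in Python as an added example (not part of the original post, and not Mailman's or mail.python.org's own code). The list name, list address, sample sender, function names and the `REJECT_DOMAINS` set are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

# Assumption: domains treated as publishing DMARC p=reject (the post names these two).
REJECT_DOMAINS = {"yahoo.com", "aol.com"}
SUFFIX = ".dmarc.invalid"

def sender(msg):
    """Return (display name, address) parsed from the From: header."""
    return parseaddr(str(msg.get("From", "")))

def needs_mitigation(msg):
    return sender(msg)[1].rpartition("@")[2].lower() in REJECT_DOMAINS

def munge_from(msg, list_name, list_addr):
    """Mailman-style: From: becomes the list, the author moves to Reply-To:."""
    if not needs_mitigation(msg):
        return msg
    name, addr = sender(msg)
    prior = msg.get("Reply-To")
    author = formataddr((name, addr))
    del msg["From"], msg["Reply-To"]  # unique headers must be removed before re-adding
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    msg["Reply-To"] = f"{prior}, {author}" if prior else author
    return msg

def append_invalid(msg):
    """MTA-style: keep the author in From: but move the domain under .invalid."""
    if needs_mitigation(msg):
        name, addr = sender(msg)
        del msg["From"]
        msg["From"] = formataddr((name, addr + SUFFIX))
    return msg

def strip_invalid(addr):
    """What a replying user does by hand: drop the appended suffix."""
    return addr[: -len(SUFFIX)] if addr.lower().endswith(SUFFIX) else addr

def sample(from_header):
    """Build a constructed test message."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    return msg

if __name__ == "__main__":
    for fix in (lambda m: munge_from(m, "Demo-List", "demo-list@lists.example.org"), append_invalid):
        out = fix(sample("Mark <someone@yahoo.com>"))
        print("From:", out["From"], "| Reply-To:", out["Reply-To"])
```
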

