[Mailman-Users] options for dealing with DMARC

Mark Sapiro mark at msapiro.net
Thu Dec 28 16:27:21 EST 2017

On 12/28/2017 11:57 AM, Jordan Brown wrote:
> That's leading me to wonder whether there's another way, whether I can
> leave From alone and still get past the DMARC checks.  Wikipedia tells
> me that DMARC passes if either SPF *or* DKIM passes.  There's no hope
> for SPF with the original sender in From, because the mailing list
> server isn't the user's mail server.  However, DKIM seems like it
> *might* pass, if I'm careful in how I configure the mailing list.

Correct. As pointed out in item 2 at <https://wiki.list.org/x/17891458>
you can avoid breaking DKIM signatures by turning off Content filtering,
scrubbing of non-digest messages and Reply-To: header munging and remove
subject_prefix, msg_header and msg_footer so Mailman doesn't make
message modifications that break DKIM signatures.

If you are willing to have your list not make any such transformations,
that will work.

Ideally, you might check DMARC on incoming mail, because if it fails,
that mail will bounce anyway. E.g., I have seen a case where a user had
configured a "Yahoo" account in her local email client to send From: her
yahoo.com address but not send via a yahoo SMTP server. Thus, all of her
mail, including list mail, would be bounced by anyone not checking DMARC
because it had no yahoo.com DKIM signature, but in the case of list mail
without DMARC mitigations, this would cause multiple recipients to
bounce the mail and perhaps have their delivery disabled.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list