[Mailman-Users] DMARC and gmail

Mark Sapiro mark at msapiro.net
Wed Jul 19 11:05:42 EDT 2017

On 07/19/2017 06:13 AM, Kevin Nowaczyk via Mailman-Users wrote:
> ... dmarc_none_moderation_action is No. ...
> After changing to "Munge From" it still has a DMARC fail. What are the differences that I should be seeing after changing the dmarc_moderation_action? Here is an authentication header of a message from a gmail user to a gmail user.

gmail.com publishes DMARC p=none

_dmarc.gmail.com.	399	IN	TXT	"v=DMARC1; p=none;
rua=mailto:mailauth-reports at google.com"

Thus, you will see no differences in mail From: gmail.com unless you
also set dmarc_none_moderation_action to Yes. (Note that this setting is
not really recommended and is not available in Mailman 3's DMARC

The underlying issue may be (speculating here) that Gmail doesn't like
mail From: gmail.com with broken gmail.com DKIM signatures. If so, this
is contrary to the recommendation of the DKIM standard RFC 6376. Section
6.3 of that RFC says in part:

   If the email cannot be verified, then it SHOULD be treated the same
   as all unverified email, regardless of whether or not it looks like
   it was signed.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list