[Mailman-Users] DMARC issue with Mailman List
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Tue Mar 21 13:19:09 EDT 2017
Mark Sapiro writes:
> > Our configuration is that our web site integration with PayPal has PayPal
> > sending confirmation emails to a mailman list called treasurer-alias, so
> > that multiple people are aware of the PayPal transaction.
> PayPal.com publishes DMARC p=reject. Your treasurer-alias list makes
> some message transformation such as adding a footer or subject prefix
> that breaks PayPal's DKIM signature. Therefore recipient list member's
> ISPs that honor DMARC will reject the message.
> See <https://wiki.list.org/x/17891458> items 1) and 2) for ways to deal
> with this. If your Mailman is 2.1.18+, I suggest setting Privacy
> options... -> Sender filters -> dmarc_moderation_action to Munge From.
I recommend against that, since this is exactly the transactional
mailflow that DMARC "p=reject" was designed for. Munge From makes it
difficult-to-impossible to verify mail apparently from PayPal without
ARC, which probably is not available on your site yet.
On the other hand, I suppose that there are few members of
treasurer-alias, and they would probably be willing to accept this
mailflow without the usual Subject tags and footer. So the annoyance
level should not be huge if they were omitted. So, I recommend that
you configure your list not to touch the Subject and body instead.
More information about the Mailman-Users