[Mailman-Users] DMARC issue with Mailman List

Stephen J. Turnbull turnbull.stephen.fw at u.tsukuba.ac.jp
Tue Mar 21 13:19:09 EDT 2017

Mark Sapiro writes:

 > > Our configuration is that our web site integration with PayPal has PayPal
 > > sending confirmation emails to a mailman list called treasurer-alias, so
 > > that multiple people are aware of the PayPal transaction.
 > PayPal.com publishes DMARC p=reject. Your treasurer-alias list makes
 > some message transformation such as adding a footer or subject prefix
 > that breaks PayPal's DKIM signature. Therefore recipient list member's
 > ISPs that honor DMARC will reject the message.
 > See <https://wiki.list.org/x/17891458> items 1) and 2) for ways to deal
 > with this. If your Mailman is 2.1.18+, I suggest setting Privacy
 > options... -> Sender filters -> dmarc_moderation_action to Munge From.

I recommend against that, since this is exactly the transactional
mailflow that DMARC "p=reject" was designed for.  Munge From makes it
difficult-to-impossible to verify mail apparently from PayPal without
ARC, which probably is not available on your site yet.

On the other hand, I suppose that there are few members of
treasurer-alias, and they would probably be willing to accept this
mailflow without the usual Subject tags and footer.  So the annoyance
level should not be huge if they were omitted.  So, I recommend that
you configure your list not to touch the Subject and body instead.


More information about the Mailman-Users mailing list