[Mailman-Users] cause of bounces

Grant Taylor gtaylor at tnetconsulting.net
Tue Oct 17 12:10:56 EDT 2017


On 10/14/2017 02:07 PM, Stephen J. Turnbull wrote:
> For (2) to make sense, the email provider should have a policy that
> prohibits use of its mailboxes to post to mailing lists, and it must
> not provide "on behalf of" services such as sending photographs or
> newspaper articles using your address in From.  This makes sense for
> banks and other financial institutions, and use of DMARC "p=reject"
> has pretty much eliminated phishing using mail with real bank
> addresses in From.

Some drive by comments:

  - IMHO, "on behalf of" services (I like that description) should be 
sent with a From: address that reflects the service -and- utilize a 
Reply-To: that reflects the email address of the purported sender. 
(Further, the service's From: address /should/ be legitimate and not 
bounce.  But that's more pedantic.)

  - I feel like DMARC is perfectly compatible with mailing lists as long 
as the mailing list is set up to modify the message as it passes through 
the list:

1) Change the From: header to reflect the mailing list.
2) Send the message with an SMTP from reflecting the mailing list. 
(VERP is suggested.)
3) Remove any / all DKIM headers.

  - I *STRONGLY* feel that mailing lists / forwarders / etc are email 
endpoints.  Many of them generate new messages with content based on the 
incoming content.  -  Thus it is perfectly acceptable to do all of the 
above /because/ it is a /new/ and /different/ message.

I know that I am not personally sending this message to anyone other 
than the single address that is the mailman-users mailing list.  -  The 
mailman-users mailing list is what is sending messages to all the 
subscribers, *NOT* me.  Both my mail server and the mail list server's 
MTA logs will corroborate this.  -  I think pretending that I am 
/personally/ (thus my MTA is) sending messages to all the subscribers is 
a farce.  Further I believe that said farce is part of (if not the crux 
of) the perceived problems with SPF / DKIM / DMARC in conjunction with 
mailing lists.

Think about it this way.  If Alice sends a message to Bob, who has his 
email configured to forward to Charlie who also forwards to Dave, and so 
on until we reach Mike, I will *STRONGLY* argue that I never sent a 
message to Mike if asked.

Sure, /someone's/ server sent a message to Mike, possibly claiming to be 
from me.  But it was *NOT* /from/ me or my server.  Thus, the message is 
bogus and /should/ be treated as such.

  - I recently compared forwarders / mailing lists to be like phone 
messages.  The person taking the phone message does not pretend to be 
the caller when passing the message along.  Instead the message taker 
typically says something to the effect of "$SoandSo called and left a 
message for you."  The phone message is a /new/ message based on the 
contents of the original call, *NOT* a (replay) of the original call.



-- 
Grant. . . .
unix || die
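
The three list-side changes described in the message above (rewrite From:, per-recipient VERP envelope sender, strip DKIM headers), as an added Python example that is not part of the original post and is not Mailman's code. The addresses, the "via list" display name, the `-bounces+user=domain` VERP layout, and carrying the author into Reply-To (borrowed from the post's "on behalf of" suggestion) are assumptions.

```python
from email import message_from_bytes, policy
from email.utils import formataddr, parseaddr

# Constructed sample post; every address and the signature value are made up.
SAMPLE = (
    b"From: Alice Example <alice@sender.example>\r\n"
    b"To: users@lists.example\r\n"
    b"Subject: hello\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel; b=AAAA\r\n"
    b"\r\n"
    b"body\r\n"
)

def rewrite_for_list(raw, list_addr):
    """Steps 1 and 3: the list becomes the author, old signatures are dropped."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    name, author = parseaddr(str(msg["From"]))
    # Assumption: keep the original poster reachable through Reply-To,
    # unless the poster already set one.
    if msg["Reply-To"] is None:
        msg["Reply-To"] = formataddr((name, author))
    # Step 1: From: now reflects the list, so DMARC is evaluated against
    # the list's domain instead of the poster's.
    del msg["From"]
    msg["From"] = formataddr((f"{name or author} via list", list_addr))
    # Step 3: the poster's signatures no longer describe this new message.
    for header in ("DKIM-Signature", "DomainKey-Signature"):
        del msg[header]  # no-op when the header is absent
    return msg

def verp_sender(list_local, list_domain, recipient):
    """Step 2: envelope sender that encodes one subscriber per delivery."""
    user, _, domain = recipient.rpartition("@")
    return f"{list_local}-bounces+{user}={domain}@{list_domain}"

def verp_recipient(bounce_rcpt):
    """Recover the failing subscriber from the address a bounce came back to."""
    local = bounce_rcpt.rpartition("@")[0]
    encoded = local.partition("+")[2]
    user, _, domain = encoded.rpartition("=")
    return f"{user}@{domain}" if user and domain else None

if __name__ == "__main__":
    out = rewrite_for_list(SAMPLE, "users@lists.example")
    env = verp_sender("users", "lists.example", "bob@rcpt.example")
    print(out.as_string())
    print("MAIL FROM:", env, "-> bounce maps to", verp_recipient(env))
```

The envelope sender is what SPF checks, so the list's own domain needs an SPF record covering its outbound MTA; a list that wants DKIM alignment signs the rewritten message with its own key after these changes.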
