Support #384
closeddecide how to proceed with DMARC and mailinglists
0%
Description
mails from a domain that has DMARC setup will break when sent via the mailinglist.
our mailinglist setup alters both the body (adds a footer, strips attachments/html) as well (for some lists) the subject → invalidates DKIM signature
as well as keeps the Sender address → invalidates SPF rules
The solution suggested by https://sys4.de/de/blog/2013/08/11/mailman-dmarc-konform-betreiben/ is to replace the Sender Addrsss by the List's address (so that our domain's rules apply) and put the Sender into Reply-To instead.
http://dmarc.org/faq.html#s_3 lists some variations of the above
Related issues
Updated by Christian Lohmaier almost 10 years ago
- Priority changed from Normal to Urgent
Updated by Christian Lohmaier almost 10 years ago
urgent because we need a decision fast, not the implementation of the solution.
Possible ways:- advise people not to use yahoo or other providers that make use of dmarc for mailinglists
- rewrite the sender's address
- do nothing and live with the bounces
Updated by Florian Effenberger almost 10 years ago
Thanks for raising this! I sadly can't have a look in the next days -
any chance you can check the mlmmj website or mailing lists if people
have a solution at hand there? I assume many lists and projects are
affected by that.
Updated by Christian Lohmaier almost 10 years ago
forgot to post the link to the discussion on the mlmmj list:
http://mlmmj.org/archive/mlmmj/2014-05/0000009.html
basically: either act as pure forwarder (no touching of the message at all) → not what we want, we want to strip html/attachments...
or take ownership...
Updated by Florian Effenberger almost 10 years ago
Seems the problem is created by Yahoo: http://www.heise.de/newsticker/meldung/DMARC-Policy-Yahoo-killt-Mailinglisten-Mitgliedschaften-2168857.html
Looking at https://sys4.de/de/blog/2013/08/11/mailman-dmarc-konform-betreiben/ (linked from the above article), it seems not so trivial to fix that. Newer Mailman releases (as available in Ubuntu 14.04, we run 12.04) fix the issue, but nothing on the horizon for mlmmj so far
Updated by Alexander Werner almost 10 years ago
- Status changed from New to Closed
It was decided that currently no action is to be taken, but PyMIME may be extended to provide solution 3B (http://dmarc.org/faq.html#s_3).
Updated by Alexander Werner almost 10 years ago
- Precedes Feature #563: PyMIME: Add DMARC conform Header changer added