[bitfolk] Selective mangling of from address enabled because…

Author: Andy Smith
To: announce
New-Topics: [bitfolk] Discourse (Was: Re: Selective mangling of from address enabled because of DMARC issues)
Subject: [bitfolk] Selective mangling of from address enabled because of DMARC issues

gpg: Signature made Thu Jun 21 15:50:21 2018 UTC using DSA key ID BF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>"
gpg: aka "Andrew James Smith <andy@strugglers.net>"
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>"
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>"
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>"
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>"

As you may or may not be aware, it is becoming increasingly popular
for large email providers to use DMARC settings with failure
policies of "quarantine" or even "reject".

Domain-based Message Authentication, Reporting and Conformance
(DMARC) is a mechanism which builds upon SPF and DKIM to try to
ensure that emails that show a given domain name in the From:
address came from mail relays which are able to sign headers to
prove they can send such emails.

As Mailman takes your posts and modifies them (the subject line is
altered and list footers may be added) yet retains your specified
From address, this causes a DMARC failure and for receiving sites is
indistinguishable from a forged email.

There are people posting to these lists right now from domains which
have strict DMARC failure policies. As a result whenever they post
to the BitFolk lists, many recipient sites do as instructed and
reject or quarantine their email. Furthermore a rejection causes the
list software to consider the *recipient* as having bounced the
email, and if this happens several days in a row the recipient
address will be considered undeliverable and will be automatically

In short, posters whose domains have strict DMARC failure policies
can cause other subscribers to be unsubscribed from the list.

There is no good way to avoid this for typical mailing lists. I've
decided that one of the least bad ways is to enable the setting that
rewrites the sender from address (only) for domains which have
strict DMARC failure policies.

So, if you see something like:

    From: Joanne Bloggs via users <users@???>

instead of the more usual:

    From: Joanne Bloggs <jbloggs@???>

then this is the reason why. The purpose is to have the messages
that we know will break DMARC come instead from the
lists.bitfolk.com domain.


https://bitfolk.com/ -- No-nonsense VPS hosting
announce mailing list
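
The selective rewrite described in the message above, as an added sketch that is not part of the original message and is not Mailman's own code: the From: address is replaced with the list address only when the poster's domain publishes p=quarantine or p=reject. The domains, the DMARC records, the list address and the function names are constructed for illustration, and the lookup is simplified to the exact From: domain (no organizational-domain fallback, no sp= or pct= handling).

```python
from email.utils import formataddr, parseaddr

# Constructed _dmarc TXT records standing in for live DNS lookups.
SAMPLE_DMARC = {
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "careful.example": "v=DMARC1; p=quarantine; pct=100",
    "relaxed.example": "v=DMARC1; p=none",
}


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict; return {} if it is not DMARC1."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}


def is_strict(domain, records=SAMPLE_DMARC):
    """True when the domain publishes a quarantine or reject failure policy."""
    policy = parse_dmarc(records.get(domain.lower(), "")).get("p", "none")
    return policy.lower() in ("quarantine", "reject")


def list_from(from_header, list_name, list_addr, records=SAMPLE_DMARC):
    """Return the From: value the list should use when redistributing a post."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    if not is_strict(domain, records):
        # No strict policy: the poster's own From: is retained unchanged.
        return from_header
    # Strict policy: the message now claims to come from the list's domain,
    # so receivers evaluate DMARC against the list rather than the poster.
    shown = name or addr
    return formataddr((f"{shown} via {list_name}", list_addr))


if __name__ == "__main__":
    for sender in ("Joanne Bloggs <jbloggs@strict.example>",
                   "Joanne Bloggs <jbloggs@relaxed.example>"):
        print(list_from(sender, "users", "users@lists.example"))
```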