Lindsay Haisley writes:

On Sat, 2014-05-24 at 09:00 -0400, Sam Varshavchik wrote:
> kb2...@kb2ear.net writes:
>
> > With the recent DMARC implementation from AOL and Yahoo I have a very
> > broken mailing list. Is there any way using MLM to rewrite the From: line
> > to the list address and the Reply-To: line to the actual sender?
>
> Reply-Tos should go back to the mailing list, not the sender.

This isn't an appropriate choice for most lists, which are configured
for reply-to-sender.  Munging the Reply-To header for this purpose is a
broken way of dealing with the problem.

I hear that often; but it does not add up for me. The whole purpose of a discussion-oriented mailing list is to hold public discussions on various topics; and I'd expect the replies to go back to the list too.

For mailing lists that are more announcement-oriented, I suppose, which are not really intended to be discussion-oriented, I guess that expecting responses to go back to the original sender might make sense. But for open, discussion-based mailing lists, the whole purpose of having a mailing list is to carry on a public discussion; so I'd expect the replies to go back to the list.

> In the .courier-list file you could put something that adds or replaces the
> Reply-To: header. Then, use the headerdel and headeradd configuration
> settings, as documented in the couriermlm man page, to remove the existing
> From: header, and replace it with a new one.
>
> But, after doing that, you'll probably discover that it doesn't work, for
> some reason, or something else is broken.

Sam, would you please disambiguate this?  What else would break?  Why
would it not work?

Anyone's guess. SPF and Dmarc are hacks. And I say that even though I use SPF. I wouldn't be surprised to hear that someone's also checking the Reply-To addresses, so those will bounce too.

> The correct fix is to tell your Yahoo and AOL subscribers to switch
> providers.

Telling Yahoo and AOL subscribers to change ESPs is NOT a solution, nor
is it an option for many working mailing lists.  Actually getting Yahoo
and AOL, and other ESPs which honor it, to fix their broken DMARC
p=reject implementation _would_ be a solution.

If Yahoo and AOL are saying that the only valid email with their domains on it are those that are coming from their servers, it may be dumb or stupid, but it's certainly their prerogative to do so. It's their domain. They own it. They are free to choose to run it however they like.

If that's what they're saying, then honoring that request would be the correct thing to do, and bouncing mail with their domain on it, that's not coming from their servers, is the reasonable thing to do.

If someone's mail bounces because of that, or if someone gets booted off the mailing list, because of that, well, that's that. They'll just have to stop using Dmarc or SPF.

The DMARC problem implies information loss, contrary to the spirit and
in some cases the letter of applicable mail RFCs.  When and how this
information loss occurs is up to ML software designers and list
administrators.

SPF's implementation in Courier is designed specifically to avoid this problem. Although the actual config settings can be twiddled any number of ways, the recommended default settings will SPF-validate the MAIL FROM: first, and if the validation passes, the email From: does not get SPF-checked. So, if a message from @aol.com goes through the mailing list, the MAIL FROM: gets checked first, and if the mailing list domain's SPF validates, the mail gets accepted. An SPF check on @aol.com in From: would obviously fail, but that never happens.

I haven't looked much at Dmarc, but I'd expect that a reasonable implementation of Dmarc should take an analogous approach, to accommodate mailing list traffic. The onus on supporting Dmarc should fall on the end-recipient, not a mailing list intermediary. If someone's usage of Dmarc gets them bounced off a mailing list, it's their problem, not the mailing list's.


Attachment: pgpsuv6uMhKTe.pgp
Description: PGP signature
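
Added example (not part of the thread, and not Courier or couriermlm code): a sketch of the DMARC identifier-alignment rule from RFC 7489 in relaxed mode, showing why a list post passes an SPF check on MAIL FROM: yet fails DMARC for the author's domain, and why rewriting From: to the list address changes the outcome. The list domain lists.example.org, the sample addresses, the two-label org_domain() shortcut and the assumption that the list's changes invalidate the author's DKIM signature are all constructed for illustration.

```python
# Added illustration of DMARC identifier alignment (RFC 7489), relaxed mode.
# Every address and domain below is constructed sample data.
from dataclasses import dataclass
from email.utils import parseaddr
from typing import Optional

def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels.
    # Real verifiers consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(address: str) -> str:
    return parseaddr(address)[1].rpartition("@")[2]

@dataclass
class Delivery:
    header_from: str            # From: header the recipient sees
    mail_from: str              # SMTP envelope sender (MAIL FROM:)
    spf_pass: bool              # SPF verdict for the MAIL FROM: domain
    dkim_domain: Optional[str]  # d= of a signature that still verifies, else None

def dmarc_pass(d: Delivery) -> bool:
    # DMARC needs an SPF or DKIM pass whose domain matches the From: domain.
    author = org_domain(domain_of(d.header_from))
    spf_aligned = d.spf_pass and org_domain(domain_of(d.mail_from)) == author
    dkim_aligned = d.dkim_domain is not None and org_domain(d.dkim_domain) == author
    return spf_aligned or dkim_aligned

def disposition(d: Delivery, policy: str) -> str:
    # policy is the p= tag published by the From: domain.
    if dmarc_pass(d):
        return "accept"
    return {"none": "accept", "quarantine": "quarantine", "reject": "reject"}[policy]

# Subscriber posts directly from the provider's own servers.
DIRECT = Delivery("user@aol.com", "user@aol.com", True, "aol.com")
# Same post relayed by the list: the list's envelope sender passes SPF, and the
# list's footer is assumed to have invalidated the author's DKIM signature.
VIA_LIST = Delivery("user@aol.com", "list-bounces@lists.example.org", True, None)
# From: rewritten to the list address, author moved to Reply-To:.
REWRITTEN = Delivery("User via list <list@lists.example.org>",
                     "list-bounces@lists.example.org", True, None)

if __name__ == "__main__":
    for name, d, p in (("direct", DIRECT, "reject"), ("via list", VIA_LIST, "reject"),
                       ("rewritten From:", REWRITTEN, "none")):
        print(f"{name:16} -> {disposition(d, p)}")
```

The middle case is the one the thread is about: the SPF pass belongs to the list's domain, so it does not count toward DMARC for the author's domain.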
