AFAIK, at the moment, MLMs doing transforms on headers to make messages DMARC-safe have no reliable way of knowing whether sender domains intended them to do so or not: there’s a heuristic that just says that in general, a DMARC domain enforcing an active quarantine or reject policy probably wants transforms.
Wouldn’t it be nice if you could ask for MLMs to transform, just using a DMARC policy, even p=none, so that you could test with a live environment containing MLMs that work around DMARC policy? Or you could ask for *no* transform, even for p=quarantine or p=reject, so that your DMARC policy can be used to legitimately restrict usage to directly-sent email?

For me the first is more important: I could make the case for DMARC much more strongly if I could rely on MLMs to implement a reliable workaround, under sender control, so DMARC-sceptics could challenge themselves to the actual consequences of the policy, without their enforcement, or continue to support traditional forwarding and/or mailing lists as neutral actors while positively impacting DMARC-safe mail. Without the workarounds being guaranteed, the current state of play, there’s no DMARC-safe future that works for everybody, IMO.

It’s reasonable to argue that these workarounds are horrible and I would. It’s also, unfortunately, everyday reality nowadays with two long-standing freemails using DMARC and all the major MLMs with support, and I have since been induced by practical experience to believe that, honestly, what matters for most MLM users is utility over functional purity. I have had at least one subscriber tell me that they _prefer_ the Mailman 2.16+ workaround because now they get the list name in the display name instead of the Subject making it easier to scan, and they can whitelist the list address to avoid the spam box or get notifications for list mail. I can’t even make myself care that Reply-to-all is broken—because that’s inevitably what people want for most lists, anyway. Heresy, I’m sure. :)

I still think DMARC’s use of the From: header is its biggest failing. Far better would have been to take the high road and use a dedicated Authenticated-Sender: (or likewise) header. MUAs would change, to explicitly distinguish authorship from “sendership”. But we are where we are.

I could not call myself a fan of DMARC; I just think it’s inevitable.

Cheers,
Sabahattin

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
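
The heuristic described in the message above, as an added example that is not part of the original post and is not any list manager's actual code: an MLM reads the author domain's DMARC record and rewrites From only for p=quarantine or p=reject, so a p=none domain cannot opt in and a p=reject domain cannot opt out. The function names, the "via" display-name format, the list address and the sample records are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in (txt or "").split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def wants_transform(txt):
    """The heuristic: only p=quarantine or p=reject is read as 'transform'.
    Simplified: ignores sp=, pct= and organizational-domain fallback."""
    tags = parse_dmarc(txt)
    return tags is not None and tags.get("p", "").lower() in ("quarantine", "reject")

def munge_from(msg, list_name, list_addr):
    """Put the list in From (author name kept in the display name) and the
    author in Reply-To, unless the author already set a Reply-To."""
    name, addr = parseaddr(str(msg["From"]))
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    if msg["Reply-To"] is None:
        msg["Reply-To"] = formataddr((name, addr))
    return msg

def process(msg, dmarc_txt, list_name="Example List", list_addr="list@lists.example.org"):
    """dmarc_txt: TXT record found at _dmarc.<author domain>, or None if absent."""
    return munge_from(msg, list_name, list_addr) if wants_transform(dmarc_txt) else msg

def sample_message(author):
    """Constructed sample post; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = author
    msg["Subject"] = "Weekly notes"
    msg.set_content("Hello list.")
    return msg

if __name__ == "__main__":
    for record in ("v=DMARC1; p=reject; rua=mailto:agg@example.com", "v=DMARC1; p=none", None):
        out = process(sample_message("Alice Example <alice@example.com>"), record)
        print(f"{record!r:55} From: {out['From']}  Reply-To: {out['Reply-To']}")
```

The p=none case passes through with the author's From intact, which is the situation the message describes: a sender cannot exercise the list's workaround without first publishing an enforcing policy.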