It is pretty clear how an AOL-compatible mailing list can be configured:
- All messages come from the list domain
- Plus addressing is used to give each subscriber a unique From address..
- To be standards-compliant the plus address still needs to fit within
the 64-character limit, so the suffix is a code, not the full email
address. "John.Doe@subscriberdomain" is translated to
"ListName+17@listdomain"
- The Friendly Name is used to identify the subscriber, his email
address, and optionally the list itself. "John Doe
John.Doe@subscriberdomain via Listname"
- Reply-To is set to the list address
This approach:
- Eliminates impersonation of other domains
- Eliminates subscriber specific message blocking based on
- Subscriber domain has DMARC enforcement
- Subscriber domain matches recipient domain
- Subscriber domain is included in a geo-blocking rule
- Allows the list to be protected from impersonation using DMARC
- Allows list authentication to survive downstream forwarding.
I suspect that this configuration is within the capabilities of existing
products, but maybe some software changes would be needed.
It becomes a simple choice: Lists can adapt to operate the way AOL and
others want them to work, or they can keep to the old ways and live with
the consequences. When the old ways cause damage, I don't think the
damage is any longer a DMARC problem. We should formally document how to
implement a DMARC-compatible mailing list, and then stop worrying about
those who don't want to be DMARC-compatible.
Doug Foster
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
