On May 04, 2014, at 01:26 PM, John Levine wrote: >I realize I'm a bit late to this party, but this is a technique that I >don't think has been addressed here. On my lists I've fixed the DMARC >bounces by rewriting From: lines of DMARC'ed domains like this on the >way out: > > From: Marissa <[email protected]> > >to > > From: Marissa <[email protected]>
I have some sympathy for this approach, as I mentioned over in mailman-users. It violates RFCs so I'm not sure Mailman should adopt it, but it's worth experimenting with, and I'm glad you (John) are doing so, and providing feedback here. I'm not personally concerned about the effects of .invalid on phishing, since I largely agree with John's later statement that there are plenty of "pretty close" domains you can stick in the From header that will fool most non-technical users. Heck, I see dozens per day and some are clever enough to even fool me before close inspection reveals the subterfuge. Add to that, as others have observed, that many MUAs don't even display the actual email address. Of course, adding .invalid doesn't really solve the problem, and I'm quite uncomfortable with overloading even more operations onto Reply-To. As seen on mailman-users, the interactions with the various options is a mess, difficult to get right, fragile, and difficult to understand all the implications. Message wrapping is the safest but equally unsatisfying. It's pretty clear to me that there are *no* good solution today to DMARC's affect on mailing lists, only less bad ones. -Barry _______________________________________________ Mailman-Developers mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
