I've been working with a From-rewriting tool with code taken from Mailman (thanks, Mark!) and discovered a couple of things which I thought deserved posting about. I expect that they peripherally affect Mailman, too.
At some point Amazon (amazon.com) started publishing a DMARC "p=quarantine" policy, which means that any email which gets redirected and hits my dmarc_shield piece is going to have its From address re- written to "postmas...@fmp.com" (fmp.com has a proper SPF record). I don't know what Gmail's policy is with regard to "p=quarantine" - whether it rejects such email outright or relegates it to the recipient's spam folder. I know that if the sending site publishes "p=reject", redirected email is refused by Gmail at the front door. I'll have to test the "p=quarantine" behavior. Here's the really annoying thing. My dmarc_shield processor rewrites the From header as per SOP for Mailman with the proper switch turned on. The From header address becomes "postmas...@fmp.com" with the original From address in the address comment (from xxx at yyz.com). If the email didn't already have a Reply-To address, the original From address is inserted as the Reply-To address. If a Gmail user replies to such an email, the reply goes to the Reply-To address, but Gmail **whitelists** the From address! Thereafter, any email which comes in with a munged From address is accepted, bypassing Gmail's otherwise pretty good spam filtering. I'm noticing a lot of spam email going out with From addresses for which a DMARC "p=reject" policy is published, which means that any such spam redirected to the Gmail user via FMP is also whitelisted. Bah! It's a fucking war zone out there! The only possible solution here would be to randomize the username portion of the rewritten From address, which makes the email look more like spam, and the Gmail user would end up with a whole lot of useless whitelisted address which would need to be deleted. Not to mention the fact that FMP's mail server might be blocked from sending ANY email to Gmail. -- Lindsay Haisley | "The first casualty when FMP Computer Services | war comes is truth." 512-259-1190 | http://www.fmp.com | -- Hiram W Johnson ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org