On 11/23/19 4:26 AM, Dominic Raferd wrote:
> On Sat, 23 Nov 2019 at 09:14, Roland Köbler <[email protected]> wrote:
>
> > Hi,
> >
> > > when validating DMARC, does it use the envelope address, or use the
> > > from address from the header?
> >
> > it unfortunately uses the from-header.
> > (If it would use the envelope address, it would not cause that many
> > problems.)
> >
> > Or in short: DMARC intentionally breaks every mailinglist and
> > every mail-forwarding.
> > So, if a mail-provider uses a strict DMARC-policy, it effectively
> > says: "Our mail-addresses may not be used for mailinglists."
>
> DMARC's focus on the From header is absolutely correct because it is
> about stopping forging. And it is simply untrue that DMARC breaks all
> mailing lists nor that it breaks all mail forwarding.
>
> I realise a lot of people on mailing lists about email have a downer
> on DMARC because depending on (a) the implementation of DKIM by the
> sender's domain controller and (b) on the setup of the mailing list it
> can - but often doesn't - cause problems. But it is a very powerful
> tool for preventing forging of emails. Domain controllers who are not
> bothered about forging of emails from their domain are not obliged to
> use it.

Many mailing lists will break under DMARC, as in many jurisdictions they appear to fall under regulations that are designed for commercial mailings, which include a requirement that all messages have a clearly spelled out method to unsubscribe from that list. The standard solution is to add a footer to the message with that information, which thus breaks the DKIM signature. Since under DMARC both SPF and DKIM are based on the From: header of the message, the list is unable to distribute messages from domains with strict DMARC as their From, even though that is what a plain reading of the EMail RFC would require (the mailing list has NOT become the author by a mechanical editing of the message).

The DMARC group admits that this is a problem, but their main solution is to just tell all mailing lists that they need to change the From of messages to be the list so their method can be used. This causes lots of problems; the real answer is that DMARC is not suitable for general mail providers. It is really intended to be used by institutions that do transactional email, and those users don't need to use mailing lists.

Note, the problem is that DMARC for general email has an incredibly high false positive rate. What would you think if your mail provider adopted a spam filter that declared 20% of your legitimate email as spam and just discarded it? This is not a bad equivalent to the providers using a method that declares mailing lists using the traditional methods that have been used for decades as 'forgers'.

-- 
Richard Damon
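
Added example, not part of the original thread: a small Python model of the failure discussed above, showing how a list footer changes the DKIM body hash (RFC 6376 relaxed canonicalization) and how the list's own envelope sender leaves SPF unaligned with the From: header. The domains, message bodies and the `dmarc_pass` helper are constructed for illustration; alignment is simplified to an exact match, and DKIM checking is reduced to the body-hash comparison.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a signer places in the bh= tag when using sha256."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def dmarc_pass(from_domain, spf_ok, envelope_domain, dkim_d, dkim_bh, body):
    """DMARC passes if SPF or DKIM passes AND its domain matches From:.

    Assumptions of this example: strict (exact-match) alignment, and DKIM
    verification reduced to the body-hash comparison (no header signature).
    """
    spf_aligned = spf_ok and envelope_domain == from_domain
    dkim_aligned = dkim_bh == body_hash(body) and dkim_d == from_domain
    return spf_aligned or dkim_aligned

# Constructed sample data; every domain below is a placeholder.
ORIGINAL = b"Hello list,\r\nsee you Friday.\r\n"
FOOTER = b"-- \r\nTo unsubscribe: https://lists.example.org/unsub\r\n"
SIGNED_BH = body_hash(ORIGINAL)  # computed by the author's domain at send time

# 1. Direct delivery: SPF and DKIM both align with From: author.example
direct = dmarc_pass("author.example", True, "author.example",
                    "author.example", SIGNED_BH, ORIGINAL)
# 2. List appends a footer, keeps From:, and uses its own envelope sender
via_list = dmarc_pass("author.example", True, "lists.example.org",
                      "author.example", SIGNED_BH, ORIGINAL + FOOTER)
# 3. List rewrites From: to its own domain and re-signs the modified body
rewritten = dmarc_pass("lists.example.org", True, "lists.example.org",
                       "lists.example.org", body_hash(ORIGINAL + FOOTER),
                       ORIGINAL + FOOTER)
# 4. Trailing whitespace and blank lines alone do not change the relaxed hash
whitespace_only = body_hash(b"Hello list,  \r\nsee you Friday.\r\n\r\n") == SIGNED_BH
```

Case 2 is the situation described in the reply above (footer added, From: unchanged), and case 3 is the From-rewriting workaround it mentions.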
