Re: DMARC methods in mailman

Philip Homburg <> Tue, 20 December 2016 23:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9D896129490 for <>; Tue, 20 Dec 2016 15:26:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id r-VwxDNpl4fm for <>; Tue, 20 Dec 2016 15:26:57 -0800 (PST)
Received: from ( [IPv6:2001:888:1044:10:2a0:c9ff:fe9f:17a9]) by (Postfix) with ESMTP id 8CD08129409 for <>; Tue, 20 Dec 2016 15:26:57 -0800 (PST)
Received: from (localhost [::ffff:]) by with esmtp (Smail #91) id m1cJTo8-0000F8C; Wed, 21 Dec 2016 00:26:56 +0100
Message-Id: <>
Subject: Re: DMARC methods in mailman
From: Philip Homburg <>
In-reply-to: Your message of "Tue, 20 Dec 2016 17:35:44 -0500 ." <>
Date: Wed, 21 Dec 2016 00:26:55 +0100
Archived-At: <>
Cc: Theodore Ts'o <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 20 Dec 2016 23:26:59 -0000

In your letter dated Tue, 20 Dec 2016 17:35:44 -0500 you wrote:
>On Tue, Dec 20, 2016 at 07:56:01PM -0000, John Levine wrote:
>> Whether a mail system enforces DMARC policies is up to the system's
>> manager, not individual users.  Even in the IETF, I expect that many,
>> perhaps a majority, of users have only the dimmest idea what if
>> anything their operator does with DMARC.
>This starts getting more complicated, but the mailing list could try
>intentionally sending a message which fails DMARC (e.g., with a
>claimed from address of to the mailing list
>subscriber and see if it gets bounced, and use that to set the default
>for that setting automatically?

Typically, a user whose mail system rejects too many e-mails is automatically

There are a range of possibilities, from just adjusting the boiler plate in
the unsubscribe notice to automatically turning the option on when a
reject involves a DMARC protected sender.

As for Randy's suggestion. That would be equivalent to turning the option
on for everybody. That may also be a sensible default. People who want to
reply directly can turn the option off manually.

Just always rewriting DMARC protected From headers is suboptimal for
recipients that don't want to have anything to do with DMARC. Why subject
them to broken From headers?