Silicon Valley - Public Access Link

Handling DMARC with Mailman

What is DMARC and why does it break mailing lists?

Recently, Yahoo!, AOL, and other MailBox Providers (MBPs) have adopted a stricter email policy using a framework called DMARC (Domain-based Message Authentication, Reporting & Conformance). While they have deployed DMARC (More about DMARC) for some time, they have only recently configured DMARC to reject email.

The goal of DMARC is to allow email domains (eg. Yahoo.com) to identify the servers on the Internet that are authorized to send email in their name. The identification of legitimate email servers allows receiving email systems to identify non-authorized systems, presumably forging emails. This is very helpful for stopping a class of spammers who operate by forging emails from apparently legitimate email addresses.

However, there is a consequence of using this strict configuration of DMARC, which is that it breaks many mailing lists and email forwarding services. This is because these services appear to be sending email forgeries according to DMARC rules. The result is that if the list poster uses a Yahoo, AOL, etc. address, it will likely be rejected by many mail servers. This affects Majordomo and Mailman mailing lists, which are used by SVPAL. In the case of Mailman, there is a feature that list owners can enable to work around the strict anti-forgery requirements of DMARC. We will cover this in a moment.

However, there is no such feature in Majordomo. The only realistic solution is to migrate from Majordomo to Mailman and use the Mailman feature to work with DMARC.

Handling DMARC in Mailman

Mailman may be configured to conform to DMARC policy. On the General Options page, there is a setting called from_is_list that can be set to "Mung From" or "Wrap Message". Either of these settings will make the list emails compliant with DMARC, but the latter setting ("Wrap Message") wraps the list email inside another email. This seem awkward for most list recipients. The former ("Mung From") leaves the email largely intact, replacing the sender's From address with the list email address.

When Mailman is configured to "Mung From", list emails display "From: Jane Doer via <maillist@svpal.org>" instead of the former "From: Jane Doer <janedoer@svpal.org>".

SVPAL recommends all Mailman lists configure from_is_list to "Mung From". Before you ask, SVPAL does DKIM sign emails as recommended. If you have trouble making this change, contact support for help.

[SVPAL Home] [Subscriber]

Contact Silicon Valley Public Access Link
Last Updated: Wednesday July 8, 2015