[dmarc-ietf] Sending email on behalf of?

[Jason Bodnar]

The company I work for makes software for non-profits. It's often used to host 
fundraising races and events. Part of the software allows people signed up for 
the event ("participants") to send email to their friends and family asking 
that they make a donation to support them in the event.

When Yahoo and AOL published their DMARC records we started having 
deliverability problems. Typical an email sent by a participant would look 
something like this:

HELO mail_ser...@blackbaud.com
MAIL FROM: i...@non-profit.org
RCPT TO: a_family_mem...@some.esp.com
DATA
Sender: Non-profit-name <i...@non-profit.org>
From: J Doe <j...@yahoo.com>
To: Mamma Doe <a_family_mem...@some.esp.com>
Reply-To: J Doe <j...@yahoo.com>
Subject: Please help me find a cure for cancer
...


This, of course, does not work well with DMARC because of:

From: J Doe <j...@yahoo.com>

so we changed our emails to:

HELO mail_ser...@blackbaud.com
MAIL FROM: i...@non-profit.org
RCPT TO: a_family_mem...@some.esp.com
DATA
Sender: Non-profit-name <i...@non-profit.org>
From: J Doe <i...@non-profit.org>
To: Mamma Doe <a_family_mem...@some.esp.com>
Reply-To: J Doe <j...@yahoo.com>
Subject: Please help me find a cure for cancer
...


which now is delivered but, unfortunately, often appears in Mamma Doe's inbox 
as:


From: Non-profit-name <i...@non-profit.org> on behalf of J Doe 
<i...@non-profit.org>


According to the non-profits we work with, many people who receive these emails 
are wary of them due to what the From looks like in their email clients. Are 
there any options for us to send email on behalf of participants who have email 
from ESPs with DMARC reject records AND have a meaningful From in the 
recipient's mail client?

The DMARC draft says:


DMARC authenticates use of the RFC5322 [MAIL].From domain by requiring that it 
matches (is aligned with) an Authenticated Identifier. The RFC5322 [MAIL].From 
domain was selected as the central identity of the DMARC mechanism because it 
is a required message header field and therefore guaranteed to be present in 
compliant messages, and most MUAs represent the RFC5322 [MAIL].From field as 
the originator of the message and render some or all of this header field's 
content to end users.


But this seems contrary to information from OpenSPF:

http://www.openspf.org/Best_Practices/Webgenerated

The key component is to ensure that the SMTP "MAIL FROM" address is from your 
domain. After that, adding "Sender:" or "Reply-To:" headers is good etiquette 
and help direct replies to the proper address.


Thank you.

--
Jason Bodnar
Staff Software Engineer
Blackbaud, Inc.


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc