On Mar 9, 2015, at 4:15 PM, Jason Bodnar <[email protected]> wrote:
> The company I work for makes software for non-profits. It's often used to
> host fundraising races and events. Part of the software allows people signed
> up for the event ("participants") to send email to their friends and family
> asking that they make a donation to support them in the event.
>
> When Yahoo and AOL published their DMARC records we started having
> deliverability problems. Typically an email sent by a participant would look
> something like this:
>
> HELO [email protected]
> MAIL FROM: [email protected]
> RCPT TO: [email protected]
> DATA
> Sender: Non-profit-name <[email protected]>
> From: J Doe <[email protected]>
> To: Mamma Doe <[email protected]>
> Reply-To: J Doe <[email protected]>
> Subject: Please help me find a cure for cancer
> ...
>
>
> This, of course, does not work well with DMARC because of:
>
> From: J Doe <[email protected]>
>
> so we changed our emails to:
>
> HELO [email protected]
> MAIL FROM: [email protected]
> RCPT TO: [email protected]
> DATA
> Sender: Non-profit-name <[email protected]>
> From: J Doe <[email protected]>
> To: Mamma Doe <[email protected]>
> Reply-To: J Doe <[email protected]>
> Subject: Please help me find a cure for cancer
> ...
>
>
> which now is delivered but, unfortunately, often appears in Mamma Doe's inbox
> as:
>
>
> From: Non-profit-name <[email protected]> on behalf of J Doe
> <[email protected]>
>
>
> According to the non-profits we work with, many people who receive these
> emails are wary of them due to what the From looks like in their email
> clients. Are there any options for us to send email on behalf of participants
> who have email from ESPs with DMARC reject records AND have a meaningful From
> in the recipient's mail client?

No, there aren't. Yahoo and AOL have published policy that they do not allow
their users to use your service (at least not using their AOL or Yahoo email
addresses).

If you want to avoid the "on behalf of" bits you might try removing the Sender:
header. Whatever you do, though, it's going to look at least a little like mail
that should be treated with suspicion - you'll need to compare your options and
decide how to minimize that, possibly with some A/B testing of different
options.

It's a problem a lot of ESPs who serve small customers with Yahoo and AOL
addresses are seeing.

> The DMARC draft says:
>
>
> DMARC authenticates use of the RFC5322 [MAIL].From domain by requiring that
> it matches (is aligned with) an Authenticated Identifier. The RFC5322
> [MAIL].From domain was selected as the central identity of the DMARC
> mechanism because it is a required message header field and therefore
> guaranteed to be present in compliant messages, and most MUAs represent the
> RFC5322 [MAIL].From field as the originator of the message and render some or
> all of this header field's content to end users.
>
>
> But this seems contrary to information from OpenSPF:
>
> http://www.openspf.org/Best_Practices/Webgenerated
>
> The key component is to ensure that the SMTP "MAIL FROM" address is from your
> domain. After that, adding "Sender:" or "Reply-To:" headers is good etiquette
> and help direct replies to the proper address.

SPF is all about tying a responsible domain to a sending IP address. It doesn't
really bother itself with the From: field much. Similarly, DKIM is about
attaching a responsible domain to a message, one that needn't be related to any
of the other email headers. It's not until you add DMARC to the mix that
there's any requirement for those domains to have anything to do with the
domain in the From: field.

Cheers,
Steve
--
Having an Email Crisis? (800) 823-9674
Steve Atkins - Word to the Wise - [email protected]
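
Added example, not part of the original thread or either poster's code: a minimal Python check of DMARC identifier alignment for the two message layouts discussed above, showing why a participant's address in From: fails while the platform's own address passes. All addresses and domains are constructed, the SPF and DKIM results are supplied as inputs rather than verified, and the organizational-domain rule (last two labels) is a simplifying assumption in place of the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # DMARC implementations consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, strict):
    # Strict mode needs an exact match; relaxed compares organizational domains.
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_evaluate(raw, mail_from, spf_pass, dkim_pass_domains, aspf="r", adkim="r"):
    """Identifier alignment only; the SPF and DKIM results are given as inputs."""
    from_domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    spf_ok = spf_pass and aligned(from_domain, mail_from.rpartition("@")[2], aspf == "s")
    dkim_ok = any(aligned(from_domain, d, adkim == "s") for d in dkim_pass_domains)
    return {"from_domain": from_domain, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

# Constructed sample data: every address and domain below is made up.
ENVELOPE = dict(mail_from="bounce@mail.fundraiser.example", spf_pass=True,
                dkim_pass_domains=["fundraiser.example"])
BEFORE = ("Sender: Non-profit-name <events@fundraiser.example>\n"
          "From: J Doe <jdoe@freemail.example>\n"
          "Subject: Please help me find a cure for cancer\n\n...\n")
AFTER = ("Sender: Non-profit-name <events@fundraiser.example>\n"
         "From: J Doe <events@fundraiser.example>\n"
         "Reply-To: J Doe <jdoe@freemail.example>\n"
         "Subject: Please help me find a cure for cancer\n\n...\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, dmarc_evaluate(raw, **ENVELOPE))
```

With strict alignment (`aspf="s"`, `adkim="s"`) the second layout still passes through DKIM, while SPF no longer aligns because the constructed bounce subdomain differs from the From: domain.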