Jason Bodnar writes: > According to the non-profits we work with, many people who receive > these emails are wary of them due to what the From looks like in > their email clients. Are there any options for us to send email on > behalf of participants who have email from ESPs with DMARC reject > records AND have a meaningful From in the recipient's mail client?
Almost surely not. As Steve Atkins points out, this is precisely what DMARC "p=reject" at those providers is *intended* to prevent.[1] If you can do it, spammers and phishers can do it too. There is a way to avoid DMARC[2] that works in clients that implement the RFCs extremely flexibly, but very few users have clients that handle such messages well, and some clients handle them absymally badly. I can't recommend it in your application. In my experience, the best you can do is 0. Tell your non-profit clients that it's a problem with the "recommender's" mailbox provider (and the recipient's client), which will occur no matter what third party sends the email on their behalf. Perhaps they have suggestions on better phrasing for the display name (see part 2). 1. For each email, check for a restrictive DMARC policy for the apparent sender, and if not, send the message with the "optimal" message header. (For bonus points you might be able to cache the policy for popular sending domains, but caching for long periods is risky as the TTL on the DMARC policy record is usually only a few minutes.) 2. If the policy is restrictive, "preformat" the display name part of the header as well as you can, and use your address as the address part. Example: From: "John Doe ([email protected]) via NPO" <[email protected]> You may even be able to omit the quotation marks in the display name part, but that's a little risky because of the "." (IIRC it's technically OK in a comment, i.e., in parentheses, but I've seen clients and MTAs complain anyway.) I suspect that you can still get screwed up here, as some MUAs automatically add the address with display name to a contact list, and will proceed to use the display name from the contact list in preference to the display name in From. Then you could get this in Mama Doe's mail client: From: "John Doe ([email protected]) via NPO" <[email protected]> Jane Doe ([email protected]) recommended you as a potential contributor to Truly Worthy Cause. because "[email protected]" is the address used to look up the display name in the contact list, and the client just stores the display name in >From verbatim, as an alternative "real name" for that address in the contact list. That looks even more suspicious to me. In that case, the strategy you are already using is probably the best available. Footnotes: [1] Yahoo! and AOL use p=reject because spammers stole contact lists from their users, and use those stolen lists to do exactly what you want to do, but without having the address owner's permission. [2] Eg, send the actual message with the headers you want to present as a MIME message/rfc822 attachment, and put your real address in the outer message's From field. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
