> On May 3, 2022, at 7:09 AM, Cedric Amand <[email protected]> wrote: > I did not investigate this much ; but I would look at the DMARC and « from » > problems
DMARC is definitely one -- potentially the main -- issue here. If someone with a strict DMARC record submits a message to the list for broadcast, many list recipients will quarantine or reject the message unless the From: header is munged. Mailman has some potential mitigation strategies against this[1], none of which are great, but DMARC fundamentally broke the way email works by pinning its mechanism on the From: header.[2] [1] https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/dmarc-mitigations.html [2] RFC7489 §5 says, essentially: requiring trust in From: was the only way to make DMARC go. It doesn't actually justify doing so beyond saying (in §6.7) acceptance is a local decision. The RFC takes no responsibility for establishing a de facto status quo that is broken.
