On 04/17/2014 11:01 AM, Lindsay Haisley wrote: > It occurred to me that one possible variation on From: header munging > which wouldn't break any applications depending on this being an actual, > working address for a post's author, while still passing DMARC > authentication, would be for Mailman to change the From: address to a > VERP-like address with the author's address encapsulated within an > address @ the list server. Any mail received by the list server for > this address would have its address parsed by Mailman and be redirected > to the original author's real email address. Would this pass RFC > compliance?
It would probably be RFC compliant as long as the from address reliably worked to send to the author, but there are other problems. The first that comes to mind is suppose a yahoo.com user replies to a post originally From: another yahoo.com user. There may be DMARC issues with the delivery of this reply from the Mailman server to the original poster. Maybe not because the forwarding of the reply is a pass-through that *probably* won't break a DKIM signature. But then what if the original poster had included a Reply-To: to an alternate address. This might result in a reply goint to the original From: instead of the original Reply-To:. Finally, there is this note from a draft document from the DMARC community: NOTE: The inclusion of more than one domain in the RFC5322.From field is dangerous. Recent studies by two major senders show that ~95% of all cases in which there is one domain in the RFC5322.From “display name” and different domain in the RFC5322.From “address-spec” are fraudulent. This practice should be discouraged as there are efforts underway to increase “spam scores” within inbound filtering when this is detected. This implies that the "verp like" encoding should mangle things like "example.com" so they don't look like domain names which could make them difficult to parse. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
