On Thu, 2014-04-17 at 11:29 -0700, Mark Sapiro wrote: > On 04/17/2014 11:01 AM, Lindsay Haisley wrote: > > It occurred to me that one possible variation on From: header munging > > which wouldn't break any applications depending on this being an actual, > > working address for a post's author, while still passing DMARC > > authentication, would be for Mailman to change the From: address to a > > VERP-like address with the author's address encapsulated within an > > address @ the list server. Any mail received by the list server for > > this address would have its address parsed by Mailman and be redirected > > to the original author's real email address. Would this pass RFC > > compliance? > > > It would probably be RFC compliant as long as the from address reliably > worked to send to the author, but there are other problems. > > The first that comes to mind is suppose a yahoo.com user replies to a > post originally From: another yahoo.com user. There may be DMARC issues > with the delivery of this reply from the Mailman server to the original > poster. > > Maybe not because the forwarding of the reply is a pass-through that > *probably* won't break a DKIM signature.
Well it does come up against the long-standing issue with SPF regarding email redirection, and if an email doesn't come from a mail server supporting DKIM, then there would be an issues in this case. > But then what if the original poster had included a Reply-To: to an > alternate address. This might result in a reply goint to the original > From: instead of the original Reply-To:. This is, as I understand it, a MUA issue. Doesn't a reply _always_ go to a Reply-To: address by default? I don't see how munging of the From: address could affect this behavior. > This implies that the "verp like" encoding should mangle things like > "example.com" so they don't look like domain names which could make them > difficult to parse. I'm already using AES encryption/decryption in Mailman to put the recipient address into the Resent-Message-ID: header in a form that AOL's brain-dead TOS report system can't redact. This is the same kind of problem. Mangling wouldn't even have to be that sophisticated. ROT13 would probably do. -- Lindsay Haisley | "Everything works if you let it" FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com | ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
