Richard writes: > Below is why I think it's a bad idea. Why can't we encode the > original email address in a comment or quoted token on the From: > line instead of jamming it onto Reply-To?
Because that makes it very inconvenient to reply to author. On some lists, that's a crucial feature. For example, blind people require excessive effort for cutting and pasting, but typically have access to features that make selectively including addresses already present in the headers very simple. So it *must* be at least an option to include the author as a real address in From or Reply-To, and I believe it should be the default (see below). > the list. From what I read of DMARC, it's the munging of the From: > line that is needed in order to have messages pass the DMARC > checks. Actually, what happens is that the message *fails* the DMARC checks in such a way that DMARC specifies the failure should be ignored, and the message handled as though DMARC didn't even exist. > To me this makes sense -- the mailing list domain is sending the > message to the list and the appropriate domain checks need to be > made against the mailing list's domain, not the original author of > the mailing list message. That's not a tenable interpretation. There is a header for the purpose of identifying the sender in your sense, its name is "Sender", and the designers of DMARC deliberately rejected its use for this purpose (for good reason). As a pragmatic matter, mailing list domains rarely even have a _dmarc DNS record, so such checks cannot be made effectively. In any case, "From" is *defined* by RFC 5322 to be the *content author*'s address for various purposes (such as identification and reply). It is also the preferred address for automatic reply to author unless Reply-To is set. The designers of Internet mail made these decisions based on hard thought and long practical experience because they make it possible for an MUA to handle both the common cases and the edge cases smoothly. The email RFCs do not envision *anybody but the original sender* setting the From header, so one can't say anything with authority, but my take is that if you insist on breaking the From header, you should put the author in Reply-To so that receiving MUAs can find her address and automatically reply to it. > What I'm not understanding is how DMARC is mandating that Reply-To: > go back to the original author, It doesn't. It's the basic Internet message standard (currently RFC 5322) that governs From and Reply-To. As Mark explained, Mailman's current behavior when From-munging is a delicate balancing act to preserve as much of the "normal" operation of MUAs as possible without triggering DMARC rejects. DMARC p=reject gives list admins an unpleasant choice: (1) violate the mail standards and suffer various degradations of service because others in the mail system assume conformance (eg, your "wrong duplicate" problem), (2) tell your p=reject users that their posts are going to be rejected or discarded by many subscribers, or (3) stop decorating posts with [List] tags or material prefixed and affixed to the message body (so that the originator's DKIM signature will remain valid and the DMARC checks will pass). N.B. The tech staff from Yahoo! and AOL have acknowledged (on the ietf-dmarc mailing list) that their employers are knowingly breaking mailing lists (and other services) to address their security fiascos. The designers of DMARC have always maintained that the Yahoo!/AOL use case is abusive -- DMARC was designed to protect official mail to customers sent on behalf of corporations by their employees, not the general use mail of users with addresses at freemail providers. In other words, mailing lists just shouldn't receive mail from p=reject domains, ever. No problem -- until Yahoo! and AOL decided to *create* one. IMO, given those facts, posting from a Yahoo! or AOL address is just plain rude. (I can and do get away with banning their posts. I wish everybody could do that.) > and not the mailing list, as is the usualy convention: public > conversations from a mailing list cycle back to the mailing list by > default and only fork into a private conversation when specifically > requested. The "usual convention" (of munging Reply-To) violates the mail RFCs and breaks interoperability, and should be entirely unnecessary now that we've had List-Post for more than a decade. Consider an MUA whose default reply function looks in Reply-To first, then in List-Post, then in From. Why doesn't everybody's do that? It's trivial to implement. :-( > What's happening now is that people are doing "reply to all" in > order to get the mailing list included, which makes *me* the > recipient of their reply and the mailing list cc'ed. As Mark points out, the first thing to do is to make sure you set dmarc_moderation_action, not from_is_list. Then only Yahoo! and AOL posters are likely to cause pain. Hopefully they are few.... ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
