[ Mark, sorry for the dup. Sent from the wrong address, so the copy to the mailing list bounced. ]
On 12/28/2017 1:27 PM, Mark Sapiro wrote: > On 12/28/2017 11:57 AM, Jordan Brown wrote: >> That's leading me to wonder whether there's another way, whether I can >> leave From alone and still get past the DMARC checks. Wikipedia tells >> me that DMARC passes if either SPF *or* DKIM passes. There's no hope >> for SPF with the original sender in From, because the mailing list >> server isn't the user's mail server. However, DKIM seems like it >> *might* pass, if I'm careful in how I configure the mailing list. > Correct. As pointed out in item 2 at <https://wiki.list.org/x/17891458> > you can avoid breaking DKIM signatures by turning off Content filtering, > scrubbing of non-digest messages and Reply-To: header munging and remove > subject_prefix, msg_header and msg_footer so Mailman doesn't make > message modifications that break DKIM signatures. > > If you are willing to have your list not make any such transformations, > that will work. Thanks! (And sorry for not looking at the FAQ first.) (In looking to see what else I might have missed, I found DEV/DMARC; you might want to link the two together.) > Ideally, you might check DMARC on incoming mail, because if it fails, > that mail will bounce anyway. E.g., I have seen a case where a user had > configured a "Yahoo" account in her local email client to send From: her > yahoo.com address but not send via a yahoo SMTP server. Thus, all of her > mail, including list mail, would be bounced by anyone not checking DMARC > because it had no yahoo.com DKIM signature, but in the case of list mail > without DMARC mitigations, this would cause multiple recipients to > bounce the mail and perhaps have their delivery disabled. Is DMARC checking available as a Mailman feature? I don't remember seeing a "check DMARC" option in the UI, and I don't find one in the docs. I'm an HSP customer with cPanel as my UI. It looks like I could enable DKIM on a domain-global basis, but I don't see anything for DMARC per se. I don't want to turn on any domain-global rejection of "failing" mail, because I wouldn't want to reject messages sent to the non-mailing-list addresses. It would be OK to add a "failed DMARC" header to the message and then have Mailman reject on the basis of that header. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org