Magnus Hagander <> writes:
> On Tue, Nov 24, 2015 at 4:00 PM, Tom Lane <> wrote:
>> If anyone thinks we might be motivated to become DMARC compliant,
>> I can inquire for more details.  But I won't bother unless there's
>> real interest.

> I'd definitely be interested at least in what they're doing. Whether we'd
> actually implement it would depend on the implications of course, but if
> they've actually figured out how to do it, it could be useful.

Forwarded with Rudy's permission ...

                        regards, tom lane

------- Forwarded Message

Date:    Tue, 24 Nov 2015 10:34:45 -0500
From:    "Rudolph T. Maceyko" <>
To:      Tom Lane <>
Subject: Re: How did you fix HP list for DMARC compliance, exactly?

Hi Tom, 

The basic changes since Yahoo implemented their p=reject DMARC policy
last year (and others followed) were:
* make NO CHANGES to the body of the message--no headers, footers, etc. 

* make NO CHANGES to the subject header of the message--no more
"[Highland Park]" 

* when mail comes to the list from a domain that uses a p=reject DMARC
policy, CHANGE THE FROM HEADER so that it comes from the list.
Otherwise, when that message would be verified by any site that checks
DMARC, it would fail (and probably would not be delivered, or would be
considered spam). 

That last point was the big one, and is something that Mailman supports
(in recent versions). It provides the option either to wrap the
"offending" message in an attachment, or to do what we do now, which is
to change the From header (and add a Reply-To, so replies still work).
You could also elect to change *every* message that way, which seems
like overkill (at least it does today). 

All of that is necessary in order to avoid DMARC problems. Of course,
you CAN ban subscribers from these domains, but the list of p=reject
DMARC policy sites will only grow. I read that Google is considering
implementing it next year. 

Anyway, in addition to all of that, I've implemented DKIM
verification/signing and our own DMARC policy (but NOT p=reject), as
well as greylisting. These are just ways to elevate our anti-spam
profile (and reputation). I've also set up feedback loops for AOL and
Yahoo (and I'm trying for Comcast) so they don't ding us just because
one of their subscribers "accidentally" marks a message that came
through the list as spam. Running a mail server is hard these days... 


On 2015-11-24 10:19, Tom Lane wrote: 

> I'm curious about what changes you made for this. And, of course: did
> it work?
> I'm inquiring on behalf of an open-source project I'm involved in,
> who might be interested in fixing their lists similarly:
>  [1]
> I don't believe they run the same list software you do, so exact
> instructions probably aren't useful, but a functional spec for what
> needs to happen would be very valuable.
> Thanks!
> regards, tom lane

------- End of Forwarded Message

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to