Mark,

On 2026-01-11 04:44, Mark Shuttleworth wrote:

> Well this is an interesting conundrum.
>
> Surely every company mail system that does DMARC has this issue with mailing lists? Is the mail system @canonical.com doing something unusual? It sounds from Robie's description that Canonical is 'just doing DMARC conservatively'.
>
> Thanks for any clarification,
> Mark

As I understand the core basis of what's happening, when lists.ubuntu.com sends as @canonical.com the message at $RECIPIENT fails DMARC because SPF fails.

Unfortunately, this is "normal" with DMARC. And when DMARC adoption became widespread, the traditional concept of "mailing lists" and "distribution lists" had to adapt. And that required changing traditional mailing list behaviors. This is not new, with articles on this going back years (such as [1]).

Most mailing lists that *are* being DMARC compliant follow the "Munge from" approach. So it's not @canonical.com mailing systems at fault, but @lists.ubuntu.com mail servers not being in the Canonical.com SPF record. Which is probably intentional.

The evolution of email and email security with DMARC has required mailing lists to change and adapt like this though. We (Ubuntu and its mailing lists) have just never adopted it. And for Robie and me as well, any DMARC-failing email (Canonical *or otherwise* over the lists) goes straight to junk.

Another prime example of this is Debian's lists - where this happens rampantly and results in their (daily) notification of email bounces coming to me - because Debian's not allowed to be the sender of emails with From addresses which have DMARC enforced.

This is a problem *every* major group running a mailing list has faced. And is why the "Munge from" option exists in Mailman to help work around the problem.

At my day job we run upwards of 50+ specifically-dedicated lists for various groups and such who are all with companies as our partners. A large portion of those companies have DMARC enforced on their mail to keep up with security and email policies. Every single one of them ended up with messages in Junk or Spam (or simply *rejected entirely*) because of DMARC not passing on them.

This is why 'traditional mailing lists' are becoming less and less common, or are still being used but with munging on the From address in order to pass DMARC.


Thomas
-- 
technical-board mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/technical-board
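
An added illustration, not part of the message above and not Mailman or Ubuntu code: a minimal model of the DMARC decision a receiver makes, showing why a list post that keeps the author's From fails and why munging the From passes. The two-label organizational-domain shortcut and the three sample messages (including the assumption that the list's modifications break the author's DKIM signature) are constructed for this example.

```python
from dataclasses import dataclass, replace

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels.
    # Real evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

@dataclass(frozen=True)
class Message:
    header_from: str   # domain of the visible From: address
    mail_from: str     # envelope sender domain, the one SPF checks
    spf_pass: bool     # did the sending IP pass SPF for mail_from?
    dkim_domain: str   # d= domain of the DKIM signature
    dkim_pass: bool    # did the DKIM signature verify?

def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    # DMARC identifier alignment: strict = exact match, relaxed = same org domain.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_result(msg: Message, strict: bool = False) -> str:
    # DMARC passes if SPF or DKIM passes AND that identifier aligns with From:.
    spf_ok = msg.spf_pass and aligned(msg.mail_from, msg.header_from, strict)
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.header_from, strict)
    return "pass" if (spf_ok or dkim_ok) else "fail"

def munge_from(msg: Message, list_domain: str) -> Message:
    # Effect of From munging on the DMARC inputs: From: becomes the list's domain.
    return replace(msg, header_from=list_domain)

# Constructed sample messages.
DIRECT = Message("canonical.com", "canonical.com", True, "canonical.com", True)
# Relayed by the list: SPF passes, but for the list's envelope domain, and the
# author's DKIM signature no longer verifies after the list altered the message.
VIA_LIST = Message("canonical.com", "lists.ubuntu.com", True, "canonical.com", False)
MUNGED = munge_from(VIA_LIST, "lists.ubuntu.com")

if __name__ == "__main__":
    for name, m in [("direct", DIRECT), ("via list", VIA_LIST), ("munged", MUNGED)]:
        print(f"{name:9} From={m.header_from:17} DMARC={dmarc_result(m)}")
```
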
