MailmanWiki

Mailman and DMARC

DMARC is a standard developed as a technique to reduce email spam and phishing.  Unfortunately, it has negative consequences for mailing lists, essentially breaking long established mailing list norms, standards, and behaviors.   Yahoo! recently began publishing a DMARC policy for rejecting all messages that fail the signature tests, and every mailing list with Yahoo! members started seeing bounces from these members.  This has caused the Mailman community of members, list administrators, and developers enormous pain.

Mitigating the effects of the DMARC reject policy are difficult.  All known mitigation techniques break some user expectations and/or degrade the user experience.  Still, it's incumbent on the Mailman developers to try to reduce the pain our users feel, and to provide some options for site and list administrators who find themselves caught in the middle.   This page attempts to capture the Mailman developers' current thinking about the problem.

Solutions are difficult and complicated. The DMARC authors essentially acknowledge that adopting DMARC requires changing mailing list habits.  You cannot continue to run your mailing list the way you always have, in DMARC compatible way. An overview of all available solutions is in this FAQ.

Mailman 2.1.16 was the first version that added some workarounds for DMARC rejections, with refinements ongoing in subsequent releases.  Mailman 3 will also handle this in some way, with the plan described below.

Mailman 2

Here's what's implemented in Mailman 2.1:

In 2.1.16 a from_is_list feature was implemented which if enabled by a site configuration option would offer a list admin the ability to either:

Implemented now for release in 2.1.18 are the following:

Mailman 3

This is what currently exists in Mailman 3.1. There could be changes in future releases.

It is recognized that the behavior of individual lists can have an effect on the site's reputation.  For example, if a list allows signature violating messages to flow through to their membership, and one of those members is a Yahoo! subscriber, then it is possible that Yahoo! would consider the mailing list site to be a spammer and give it a black mark.  You could imagine that after enough of these, it might just start rejecting all message from the mailing list's domain.  This could affect other mailing lists, and even other users that send messages from this domain.

These considerations imply that the site administrator should have some control over what list policies are available similar in intent to the Mailman 2.1 restriction that the list's policy must be as strong or stronger than the site default, but this does not currently exist in Mailman 3.1. Site admins can set default policies for new lists, but the defaults do not restrict how they can be overridden by list policy.

List admins can chose from the following options for a list's DMARC mitigations.

Normally, the selected action is applied only to messages From: domains that publish a DMARC policy of 'reject' or 'quarantine', but if the action is Munge the From: header or Wrap the message, the list admin can chose to apply the action to all list messages.

MailmanWiki: DEV/DMARC (last edited 2019-10-01 18:13:52 by msapiro)