DMARC Support in Mailman

Mailman is a very popular open source mailing list management software package. It's been around for a long time -- since the late 1990s, according to Wikipedia. Sites using Mailman to manage discussion lists were negatively impacted by the roll-out of DMARC, specifically when big ISPs (starting with Yahoo and AOL) began to implement "p=reject" DMARC policies, meaning legitimate mailing list mail, most commonly posts from Yahoo or AOL users, would start to be rejected by ISPs who filter based on DMARC policy.

Google Groups and Yahoo Groups both implemented header changes to workaround the then-new DMARC issue, by (and I'm simplifying here, forgive me) making the mailing list the sender of the message, as opposed to the prior method, which was that the person who submitted the post to the mailing list was considered the sender.

Mailman has done the same. All the way back in 2014, Mailman 2.1.16 included a feature called "from_is_list," that, when enabled, rewrote the email headers to help admins deal with restrictive DMARC policies.

Mailman version 2.1.18 takes it a step further, giving you a set of options under the label of "dmarc_moderation_action." This feature provides five different "actions": Accept, Munge From, Wrap Message, Reject, and Discard. My suggestion is to select the "Munge From" action.

Some mailing list managers are pissed about DMARC and want to keep users at DMARC-publishing domains away from their mailing lists, so they've chosen the "reject" or "discard" actions. That's not very friendly to end users.

The authors and team behind mailman put it thusly: "Mitigating the effects of the DMARC reject policy are difficult. All known mitigation techniques break some user expectations and/or degrade the user experience. Still, it's incumbent on the Mailman developers to try to reduce the pain our users feel, and to provide some options for site and list administrators who find themselves caught in the middle."

If you don't take any action here, you're leaving a subset of your potential subscribers out in the cold. Making them second class citizens, unable to participate in the mailing lists you're hosting. Be kind, and don't beat up Yahoo users because of a domain policy that Yahoo choose to implement (and that Yahoo user is stuck dealing with). I strongly recommend that you enable the "Munge From" action under "dmarc_moderation_action."

No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.