<div dir="ltr"><div>I've updated the list settings to <br></div><div><br></div><div>Munge From -- applies the from_is_list Munge From transformation to these messages. <br></div><div><br></div><div>for the action to take when anyone posts to the list from a domain with a DMARC Reject/Quarantine Policy.</div><div><br></div><div>Hopefully this solves the problem without affecting too many other people.</div><div><br></div><div>Mike Kaply<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jul 14, 2019 at 10:11 PM Paul Kosinski <<a href="mailto:mozilla@iment.com">mozilla@iment.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Yes, I know that SPF, DKIM and DMARC can cause problems with mailing<br>
lists, but people have been working on it for years. I just thought that<br>
Mozilla was sophisticated enough to have implemented a workaround.<br>
<br>
The ISC BIND users mailing list, for example, uses Mailman and in their<br>
configuration the DMARC handler, modifies the "From:" address and adds<br>
"Reply-To:" like so:<br>
<br>
Paul Kosinski via bind-users <<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a>><br>
Reply-to: Paul Kosinski <<a href="mailto:bind@iment.com" target="_blank">bind@iment.com</a>><br>
<br>
The ClamAV users mailing list does something similar, also changing<br>
"From:", adding "Reply-to:", but also adding a "Cc:" like so:<br>
<br>
From: Paul Kosinski via clamav-users <<a href="mailto:clamav-users@lists.clamav.net" target="_blank">clamav-users@lists.clamav.net</a>><br>
Reply-To: ClamAV users ML <<a href="mailto:clamav-users@lists.clamav.net" target="_blank">clamav-users@lists.clamav.net</a>><br>
Cc: Paul Kosinski <<a href="mailto:clamav-users@iment.com" target="_blank">clamav-users@iment.com</a>><br>
<br>
Topicbox also uses the "From:" "via" workaround. It's a shame that<br>
Mozilla doesn't do something to mitigate its DMARC problem.<br>
<br>
P.S. Since DMARC info is supplied by the DNS server and applies to the<br>
whole domain, I don't see offhand what to do that would accommodate<br>
Mozilla's rather lame mailing list mechanism.<br>
<br>
<br>
<br>
On Sun, 14 Jul 2019 16:45:59 -0500<br>
Don Wright <<a href="mailto:wmail@wricomp.com" target="_blank">wmail@wricomp.com</a>> wrote:<br>
<br>
> Paul Kosinski wrote:<br>
> >Here's another example of a DMARC "failure" when mail (from me) is<br>
> >passed on to an ESR subscriber.<br>
> <br>
> <br>
> DMARC is fundamentally broken[1] with regard to mailing lists as it<br>
> only checks the From: and not the Sender: field. Mitigating<br>
> DMARC-induced problems is a frequent topic on the mailman-users<br>
> support mailing list.[2]<br>
> <br>
> <br>
> [1] <a href="https://en.wikipedia.org/wiki/DMARC#Mailing_lists" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/DMARC#Mailing_lists</a><br>
> [2] <a href="https://mail.python.org/mailman/listinfo/mailman-users" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/mailman-users</a><br>
_______________________________________________<br>
Enterprise mailing list<br>
<a href="mailto:Enterprise@mozilla.org" target="_blank">Enterprise@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/enterprise" rel="noreferrer" target="_blank">https://mail.mozilla.org/listinfo/enterprise</a><br>
<br>
To unsubscribe from this list, please visit <a href="https://mail.mozilla.org/listinfo/enterprise" rel="noreferrer" target="_blank">https://mail.mozilla.org/listinfo/enterprise</a> or send an email to <a href="mailto:enterprise-request@mozilla.org" target="_blank">enterprise-request@mozilla.org</a> with a subject of "unsubscribe"<br>
</blockquote></div>