
On Thu, 19 Nov 2015 08:48:34 PM Joel W. Shea via luv-talk wrote:
TL;DR mailman 2.1.18 recommends using dmarc_moderation_action instead of from_is_list from 2.1.16
Of the options for dmarc_moderation_action:
1) means mail will be rejected or flagged as spam by some recipients (everyone using Gmail for starters).
2) is what we currently do.
3) is really ugly and will make things more difficult for readers.
4 and 5) we don't want to reject mail.
Accepting the consensus arrived at by RFC5323 §3.6.2: "In all cases, the "From:" field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message." – [1]
Unless of course the message body and headers are being rewritten such that it's not the same message as was originally sent.
Where "SHOULD NOT" as defined by RFC2119 §4 means: "there may exist valid reasons in particular circumstances when the particular behaviour is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behaviour described with this label." – [2]
There are valid reasons and the implications are known.
I'm not convinced there's any "valid reasons" to munge the "From:" field in either of the following circumstances.
1) DKIM signing messages sent by the mailing list
Unless there's a DMARC policy for a domain, there's no requirement for any parameter in the DKIM-Signature header field to match any other header field. In particular, the DKIM "d=" domain, and the domain in the "From:" field, aren't required to match in the absence of DMARC, (and ADSP, or DK) policy.
Since this list's domain doesn't currently (or presumably, intend to) publish a DMARC policy record, I don't see DKIM signing of list mail as a valid reason to munge the "From:" field.
Whether the luv.asn.au domain has an ADSP or DMARC record is not relevant. What is relevant is domains like yahoo.com.
2) Lists receiving mail from domains with a restrictive policy
The real issue here is that domains like Yahoo's publish a "p=reject" DMARC policy rule, and receiving domains (like Google's) are politely enforcing that policy by, you know, rejecting the mail that doesn't pass DMARC.
Although rewriting the "From:" header on those posts is an option, (such as appending .INVALID to the domain, as per RFC2606) it's an *abysmal* choice, for reasons previously enumerated on this thread.
All the choices have downsides, this one seems like the least difficult.
Possible Solution:
mailman 2.1.18 recommends using dmarc_moderation_action, instead of from_is_list from 2.1.16 [3]
* Unset the from_is_list [4] "Munge From" which causes *all* of the messages sent by the list to be munged.
* Set dmarc_moderation_action [5] to one of:
  + Munge From - rewrite the From: and Reply-To: as in from_is_list
Do you realise that you just wrote a long message railing against rewriting the From field and came to the conclusion that it's a good option?
* Rejecting the post, as has already been stated by others on this thread, may provide the feedback to signers (via failure reports) to determine a better "market solution"
In that case the "market solution" might be "don't deal with Linux people as they make things difficult".

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
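
The DMARC check discussed in this thread, as an added example that is not part of the original message and not Mailman's code: it evaluates a list-forwarded post the way a receiving domain would and flags only posts whose From: domain publishes p=reject. The domains and records are constructed, and alignment is simplified to an exact domain match (an assumption; relaxed alignment compares organizational domains and needs the Public Suffix List).

```python
# Added example: DMARC evaluation of list-forwarded mail (constructed data).

def parse_dmarc(txt):
    """Return the tags of a DMARC TXT record as a dict, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def aligned(auth_domain, from_domain):
    # Assumption: strict alignment only (exact, case-insensitive match).
    return auth_domain is not None and auth_domain.lower() == from_domain.lower()

def dmarc_disposition(from_domain, dkim_pass_domains, spf_pass_domain, record):
    """What a receiver applies: 'no-policy', 'pass', or the published p= value."""
    tags = parse_dmarc(record) if record else None
    if tags is None:
        return "no-policy"
    # DMARC passes if SPF or any verified DKIM signature aligns with From:.
    if aligned(spf_pass_domain, from_domain):
        return "pass"
    if any(aligned(d, from_domain) for d in dkim_pass_domains):
        return "pass"
    return tags.get("p", "none").lower()

def list_should_mitigate(from_domain, record, list_domain):
    """True when a post re-sent by the list would be rejected downstream."""
    # Once the list adds a subject tag or footer, the author's DKIM signature
    # no longer verifies; only the list's own signature and SPF still pass,
    # and both carry the list's domain rather than the From: domain.
    result = dmarc_disposition(from_domain, [list_domain], list_domain, record)
    return result == "reject"

# Constructed sample records, not real DNS data.
RECORDS = {
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "monitor.example": "v=DMARC1; p=none",
    "plain.example": None,
}
```
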