Peter:
> On 21/03/20 4:06 am, Wietse Venema wrote:
> > Would it help if the postfix list used "dmarc mitigation" so that
> > the From header does not contain your email address:
>
> Well, in this particular case I'm seeing three messages from Jaroslaw
> end up in spam. Google says that all three pass DMARC and DKIM and SPF
> is neutral. Also in this particular case the DKIM signature includes
> the From: header, so DMARC mitigation would actually have invalidated DKIM.
Would removing Jaroslaw's email address would have changed the
'spam' ruling? We don't know that without further measurements.
> While I think that DMARC mitigation will help I don't think it would
> have in this particular case. At a best guess a proper SPF record
> likely would have helped.
>
> At the end of the day, I think both DMARC and SPF mitigation along with
> adding your own DKIM signature will help. In the case that DMARC
> mitigation is needed and there is an existing DKIM signature that will
> be invalidated by it then the existing sig would need to be removed as well.
>
> I think the days of just forwarding messages through are over and we're
> in an era where mailing lists basically have to take full ownership of
> any messages they forward, so SPF, DKIM and DMARC policies that come
> from the list server and not from the original poster unless they can
> still pass.
>
> > This may well be the end of the line for the majordomo-based list server.
>
> I do believe that there are ways of doing the mitigations from postfix
> and still retain mailman, but it may be a lot easier to simply switch to
> mailman.
That could be a hack like this (in Postfix or Majordomo):
- In Postfix, trigger on listmanager envelope address info
- Munge From: (combining original From: and listmanager envelope address info).
- Munge Reply-To: (using info from original From:).
- Strip DKIM, as the info would be invalid anyway.
Switching list manager would be the better long-term option, but a
hack could be useful to address some individual cases in the short
term.
Wietse
