Could we not send the message out as usual, then on a p=reject bounce, forward the original message (so it comes from the mailing list) along with an explanation of what is transpiring to the bounced user, plus to the message author? Maybe include a note suggesting the author change mail providers. This way if the message author's domain causes 20 bounces, they get 20 messages letting them know they need to change mail providers.
-----Original Message----- From: Mailman-Users [mailto:mailman-users-bounces+bryan.wright=rigaku....@python.org] On Behalf Of Stephen J. Turnbull Sent: Saturday, June 14, 2014 7:42 AM To: Sparr Cc: mailman-users@python.org Subject: Re: [Mailman-Users] Ignore DMARC bounces? Sparr writes: > Modifying the messages bothers me (and a lot of other people, as > > indicated by the last dozen times similar conversations have been had, > > about changing Reply-To and From and Subject and ...) and should be > the > last resort. Well, actually the point is that lists need to do fewer modifications than they already do. DMARC has two tests, one for the domain in From being equivalent to the IP of the SMTP client, which will fail unless the author is at the mailing list's domain, and a DKIM signature. The signature will survive and be valid at the recipient in the case that the message is completely unmodified. However, mailing lists typically make one or more of the following modifications: add a list tag to the Subject field, add a header or footer to the body, remove prohibited MIME bodies (.exes, text/html, etc), or transform text/html to text/plain. Any of those will cause the usual DKIM signature to be invalidated. DMARC-using domains typically sign From (required by the DKIM protocol), To, Cc, Subject, and the whole body (effectively including the end of the message, preventing appended material such as a footer). My personal opinion is that these traditional changes are expected and desired by mailing list subscribers, and that posting from "p=reject" domains is thereby a violation of the policy of the "p=reject" domain, and places other subscribers at risk. I think mailing lists should reject such posts (if the signature is valid), or silently discard them (if it is not). However, subscribers from those domains are unlikely to agree .... ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/bryan.wright%40rigaku.com ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
