:: Re: [DNG] Admins can you fix/set th…
Top Page
Delete this message
Reply to this message
Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] Admins can you fix/set the header overrides?
Quoting chillfan via Dng (dng@???):

> I can confirm that I haven't set a reply-to header, but this is just a
> web mail. It could be that my webmail provider just doesn't allow me
> to unset the header, but I haven't looked that far into it.


Indeed, you didn't set it in this case.


Short version: It's a mitigation on the mailing list server for the
problem of DMARC.

Your headers as you send them were like this:

From: chillfan <chillfan@???>>
To: "dng@???" <dng@???>

Mailman is configured to alter your postings' headers (for
retransmission to all subscribers) as follows:

From: chillfan via Dng <dng@???>
To: "dng@???" <dng@???>
Reply-To: chillfan@???

_Why_, and why (specifically) _your_ mail? Actually, it's not just
you, but rather your sending domain, protonmail.com. Protonmail creates
a challenge to any mailing list by publishing an aggressive DMARC
antiforgery policy in its public DNS:

$ dig -t txt _dmarc.protonmail.com +short
"v=DMARC1; p=quarantine; fo=1;"
$

Because of that aggressive 'p=quarantine' policy, and because Mailman
(like all other MLM = mailing list manager packages) makes changes to
postings (upon retransmission to subscribers) that unavoidably cause the
subscriber copies to fail checks of the message's DMARC cryptographic
signature. This is a serious problem for mailing lists, causing
retransmitted mail to either be rejected (if 'p=reject') or spamboxed
(if 'p=quarantined') at any receiving domain that enforces DMARC.

Mailman's mitigation (see above example) circumvents the damage from
'p=quarantine' or 'p=reject' policies by substituting the mailing list's
domain as sending domain during retransmission. It adds a Reply-To as
described in the above example, in order to preserve the sender's
intended originating address as well as possible under the
circumstances. Mailman does _not_ apply this mitigation to all
postings, only to ones from domains with p=quarantine or p=reject DMARC
policies (aggressive ones).

Admittedly, the end-result is a bit irksome, but it's the least-bad
solution to the DMARC challenge the Mailman developers have so far come
up with.

(I advised Devuan's mailing list administrators on how to handle the
DMARC problem, which was causing subscribers problems, as is happening
on mailing lists everywhere.)

-- 
Cheers,                                            "He who laughs last, lasts."
Rick Moen                                                       -- Leo Rosten
rick@???
McQ! (4x80)