[OpenWrt-Devel] Problems with e-mail DMARC policy, and other usability issues

mail at adrianschmutzler.de mail at adrianschmutzler.de
Thu Jun 11 06:55:45 EDT 2020


> -----Original Message-----
> From: R. Diez [mailto:rdiezmail-openwrt at yahoo.com]
> Sent: Donnerstag, 11. Juni 2020 12:09
> To: openwrt-devel at lists.openwrt.org
> Subject: Problems with e-mail DMARC policy, and other usability issues
> Hi all:
> I am trying to contribute a few trivial changes to OpenWrt. So far it has been
> frustrating. I recently jumped through all the hoops and managed to e-mail
> the patches correctly (or so I believe):
> http://lists.infradead.org/pipermail/openwrt-devel/2020-June/023887.html
> http://lists.infradead.org/pipermail/openwrt-devel/2020-June/023888.html
> However, when I look at Patchwork, it has picked up the following lines as
> part of the commit message:
> ------------8<------------8<------------
> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
> ------------8<------------8<------------
> I am sure you have seen that often in this mailing list.
> The Patchwork links where you can see that effect are:
> https://patchwork.ozlabs.org/project/openwrt/patch/mailman.21997.15917
> 81638.2542.openwrt-devel at lists.openwrt.org/
> https://patchwork.ozlabs.org/project/openwrt/patch/mailman.22006.15917
> 83382.2542.openwrt-devel at lists.openwrt.org/
> I am not mailing list expert, but I have seen this problem recently with
> Microsoft Office 365 and with many other open-source-based mailing lists. It
> has been talked about everywhere because many e-mail providers have
> been tightening e-mail policies in an uphill battle against spam.
> I am using Yahoo, which I am not particular proud of, but this is a general
> issue affecting other providers. Under Patchwork, I could quickly find a few
> other people who got those lines in their commit messages too.
> Microsoft had to change the way their online system handles mailing list e-
> mails, and many other people had to change their ways too.
>  From what I gathered, I believe it is reasonable for providers to demand that
> you shall not forge e-mails (send e-mails pretending to be the user).
> And that is what many mailing lists actually tried to do until recently.
> Could you please stop your mailing list server from adding that "The sender
> domain has a DMARC..." warning? The server should do whatever wrapping /
> "reply to" header / forwarding it needs to do, or it has been decided it is best
> to do, and stop warning about it.

Well, the problem is that mailing lists and SPF don't work well together.

The domain of your e-mail has a domain that has DMARC configured in way that means "Throw away this e-mail if the From header doesn't match the sender's address".

However, the basic concept of a mailing list requires it to change the From header.

So there is no nice way out. If the wrapping was removed, all recipients would receive a mail where the From: header won't match the sender's address.
Their mail provider would then either move it to Spam or delete it right away, as that's what _your_ DMARC setting tells them. Don't know how patchwork will treat those mails, but most people on the list just wouldn't receive your mails anymore.

Therefore, the wrapping provides a way to still have your mails delivered.

There is a few ways out of it, but none of them is really compelling:
- Disable spam protection on the sender side: If you don't use SPF/DMARC, you won't have any problems. It's just normal mail then. Of course, then you won't help others to identify spam anymore.
- Adjust your DMARC policy to p=none . This will tell the sender side that it should still accept your mails even if SPF fails. That's what I'm using right now, and it doesn't have messages wrapped. Of course, it doesn't really provide a substantial spamming protection for the receiver anymore either.
- Don't use mailing list if you want to use sender-based spam protection. Haha ...

However, since you use a @yahoo.com mail address, you won't have control over your domain, and therefore cannot adjust the SPF/DMARC settings yahoo puts there. So, the options just discussed are effectively unavailable to you, except for the third one, which doesn't help you either. So, your options are limited now to

1. ask yahoo to disable/adjust DMARC/SPF, which I don't think they will do
2. get yourself a different mail address
3. live with the mail wrapping

Sorry, but this is not us being mean, it's just the fact that this kind of spam protection and mailing list are inherently incompatible.

(Another theoretical option might be to set up DKIM, as IIRC DMARC will be okay if either DKIM _or_ SPF is okay. However, setting up DKIM is almost impossible with one of the standard mail providers, and I'm not sure whether DKIM will survive the list anyway.)

If I was wrong somewhere, I would be glad if one of the pros could correct me.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20200611/ed408dd4/attachment.sig>
-------------- next part --------------
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list