Making Mailman DMARC compliant

Author: | Posted in Netzwerk No comments

DMARC is available since 2011 as a draft and since March 2015 with RFC 7489. Two years ago, Yahoo and other big e-mail providers have announced, that they will reject e-mails based on DMARC. This is generally a good thing, but it can cause problems for forwarded e-mails (don’t do that, never!) and for mailing lists. If you are running a mailing list, you have to make sure that your mailing list isn’t breaking DMARC. Otherwise, you might experience problems with e-mail delivery.

The reason why mailing lists are breaking DMARC, is SPF and DKIM. DMARC relies on SPF and DKIM and they the cause, why mailing lists are breaking DMARC:

  1. SPF may fail, because the mailing list server is acting as a sending server for a third party domain.
  2. DKIM fails, because the mailing list server changes the e-mail headers.

To avoid DMARC problems on mailing lists, never Mailman’s configuration has to be made DMARC compatible. Make sure, that you are running at least Mailman version 2.1.18.

First, log into the administrative interface of your mailing list and change from_is_list to “Munge From” in the General Options:

mailman_dmarc_settings

This will result in Mailman rewriting (Munge) the From: header with the posters name ‘via the list’ and the list’s address and merge the poster’s address into Reply-To:. Make sure, you change this option on all mailing lists of your Mailman installation.

As a second stop, add the following line your mm_cfg.py and restart Mailman afterwards:

REMOVE_DKIM_HEADERS = 1

With this, Mailman  will remove, if there are any, the DKIM entries within the mail header.

That’s actually it. Your mailing list shouldn’t break DMARC anymore.

Add Your Comment