Skip to Content.
Sympa Menu

en - Re: [sympa-users] DMARC update?

Subject: The mailing list for listmasters using Sympa

List archive

Chronological Thread  
  • From: Miles Fidelman <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] DMARC update?
  • Date: Fri, 11 Apr 2014 00:29:18 -0400

There's been a lot of traffic about this on the mailops, dmarc, and nanog lists, as well as the mailman list.

Rewriting the from header does seem to be the easiest response - which is what mailman seems to be implementing, as well as this response:

It's also claimed (by and google) that adding an Original-Authentication-Results header, then adding one's own DKIM header works:
but I haven't seen that one actually performed by anyone yet.

Given that the newer versions of Sympa do have both incoming and outgoing DKIM capability - that would seem at least worth trying. But.. of course, that has to be done as part of Sympa internals.

One thing I've been thinking about is weather one could validate DKIM and apply an Original-Authentication-Results header via one's incoming MTA, and then use Sympa's outgoing DKI to re-sign the message.


Steve Shipway wrote:
I'm not sure what possible workarounds there really are.

You cannot just strip the DKIM signature (as's DMARC record states
the DKIM must be present and correct).

Leaving the Subject, From and Reply-To unmodified does not work, since Yahoo
make their DKIM signature also apply to the Receive headers. Passing
through your system will always add some of these rendering the signature

Stripping the signature AND anonymising the From header works (at least,
where I've tried it here), but this of course removes the identity of the
sender. This functionality is already present in Sympa (add the
remove-headers and anonymous options to your list) but is not really

I cannot see any way to allow the From header to remain unchanged as an address, but for the message to still pass DMARC.

One possibility might be to add a new anonymising mode, where the From
address is replaced, but the original is preserved as the Full Name. EG:

From: Steve Shipway <address@concealed>

...can be rewritten as...

From: "Steve Shipway <address@concealed>" <address@concealed>

This might be a vaguely acceptable solution. It would require a little work
in Sympa though to add the new option to the system, possibly as a suboption
to anonymous_sender, so only modifying I'll take a look and see if
I can make a suggested patch.


Steve Shipway

In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra

Archive powered by MHonArc 2.6.19+.

Top of Page