Hi again,
This change has just been deployed on all lists.
Do note one detail that was not obvious to me at first: not *all* emails get their "From" munged. Only mail from a provider with an *active* DMARC record (e.g. with `p=reject` or `p=quarantine`).
In other words, if your provider partially implements DMARC but doesn't tell others to actually reject invalid emails, the From does not get munged.
This might lead to some inconsistencies where some mails will come from the list and some from normal users. I think the solution for this is to simply not rely on From for filtering, which you were likely not doing anyways.
Details in the ticket, as usual:
https://gitlab.torproject.org/tpo/tpa/team/-/issues/19914
Cheers,
a.
On 2021-09-07 11:54:03, Antoine Beaupré wrote:
Hi,
TL;DR: we are going to enable DMARC workarounds on Mailman mailing lists, which should improve deliverability. You may need to change your mailbox filters.
# What is happening?
We are going to change the configuration of all Mailman mailing lists to set the `dmarc_moderation_action` to `Munge From`.
This will change the `From` header of outgoing email from mailing lists (such as this one) from, say:
From: "Antoine Beaupré" <anarcat@torproject.org>.. to something like:
From: Antoine Beaupre via tor-project <tor-project@lists.torproject.org># Why are we doing this?
This is because some email providers comply with the DMARC standard. To give an example, say provider example.com says that only them is allowed to send email from that domain and a user@example.com sends an email to one of our mailing lists. It's possible that this email then ends up at provider user@test.test, which, when it looks at the DMARC policy, decides to refuse the email because example.com doesn't allow lists.torproject.org to impersonate it.
The net effect of this is that user@test.test will not get the email (at best) or (at worst!) get unsubscribed from the mailing list even though their email provider is actually complying with the email standard.
A longer discussion of this happened in the issue tracker, here:
https://gitlab.torproject.org/tpo/tpa/team/-/issues/19914
# When?
This change will be performed in one week.
Tests have been going since August 24th on the tor-relays@ lists and it has actually solved issues there, while not causing any other problems.
# How?
TPA will actually change the configuration on all lists, in the backend. List admins wishing their list to be excluded can notify us by replying to this email or opening a ticket in the TPA issue tracker, as usual:
https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
A.
-- Antoine Beaupré torproject.org system administration