Yahoo! & DMARC Revisited
If you're coming to this fresh you need to read this article first which explains how it is that for some mailing lists we host I was having to re-write the From address so that mailman produces a mail that looks like this1:
From: "Paul Oldham firstname.lastname@example.org via milton-chat" <email@example.com>
The key element is that the email appears to be from the list email address, not from the true sender. This means that if a Yahoo! subscriber emails the list then the email will be accepted by Yahoo! for other Yahoo! subscribers. It won't be otherwise. This is the evil which is DMARC.
I thought I'd long since put this one to bed but yesterday an oddity. It turns out that the Apple Mail mail client has a bizarre way of presenting email2. If the email address is in the user's address book then, rather than showing the textual part of the From address, it shows the text entry from the address book. So this meant that this user was seeing every email as "From: Chat about Milton"3 so they had no idea who the sender was most of the time as many senders don't bother with .sigs4.
After some discussion the only solution I could come up with at the time was to append the original From address to the bottom of the email as a fake .sig so for example if the email was from me it would end (as I do have .sig):
I wasn't not wild about this but it was the best I could come up with.
Thinking about it afterwards however it dawned on me that I wasn't thinking this through. Last September it looked like DMARC might become a thing. It hasn't. Only Yahoo! seem to have run with it judging by the lists I don't have the mitigation measures enabled on.
So I now have a new, rather more elegant solution. I do all of the nastiness I'm describing above ... but only for email from Yahoo! and AOL users as that's the only email you need to do it on. Of the bigger lists I'm hosting here typically only about 10% are using Yahoo! addresses and about 5% are using AOL so this looks like a win to me as 85% of emails on lists with DMARC mitigation is now going out un-munged.
- Although not actually on milton-chat but I'm using that as an example of how it would look.
- This behaviour sucks, and here's why. Suppose I get an email from '"Fred Smith" <firstname.lastname@example.org>' and so in my address book, if I've not already added it, Apple Mail records that. So the email displays as "From: Fred Smith". Six months later Fred moves on and Julie Jones takes over as chair of XYZ so her email address is now . I update my address book to reflect that. So now in my address book is Julie Jones. Now, if I look back at that original email it claims to be from ... Julie Jones!
- Again, not the actual list they were subscribed to but you get the idea.
|Tags: internet, linux||Written 08/03/15|
You can follow these posts on Twitter at @Wibblings