How Mail-List.com handles DMARC Reject settings
Mail-List.com will automatically compensate for any domains that have set up DMARC policies of Reject or Quarantine. A detailed explanation is listed below.
DMARC and Mailing Lists do not play well together.
Traditionally, mailing lists keep the Author's email address in the From: Header of messages sent to the subscribers of the mailing list.
Problem: the server sending the message to the subscriber belongs to the mailing list service, and not the Author of the message. This causes an issue with DMARC.
The DMARC specification says that the envelope domain and From: Header domain must match, at least at the Organization Domain (aka OD) level. This is called "alignment check".
- If DMARC policy is "aspf=s" (strict mode), the two domains must match exactly.
- If DMARC policy is "aspf=r" (relax mode) or no "aspf", the ODs must be an exact match or a parent/child match (i.e. example.com and child.example.com). Refer to this MXToolbox explanation for more detail.
When the server receiving the email tries to discover the DMARC policy from DNS (Domain Name System), it will first try the From: Header domain. If no such DNS record is defined, it will continue to look at the OD of that domain.
How can this affect my Mailing List?
Without some intervention by Mail-List.com, messages sent from your subscribers to the mailing list will be rejected by many ISPs, never reaching the other subscribers.
Why would my subscribers messages be rejected?
Let's explain with an example. Your subscriber's name is John Doe. When John sends an email, his From: Header looks like this:
From: John Doe <firstname.lastname@example.org>
For this example, let's say the IP address of doe.com is 123.45.678.9.
SPF - authentication #1
SPF defines where emails should originate. SPF records in DNS list the valid IP addresses that John's email should come from.
In the case of John Doe, the sending server IP address should be 123.45.678.9.
But, John's email comes from a Mail-List.com server, IP 987.65.432.1.
DMARC - authentication #2
DMARC defines whether emails should be rejected when the email is sent from an IP Address other than that listed in SPF. They ask for that rejection by using a DMARC Policy of either Reject or Quarantine.
This policy tells other ISPs to Reject (or put in the spam folder) any emails that arrive from IP addresses other than those specified in the SPF record for the sending domain.
If your Mailing List is using the Mail-List.com domain (for example: email@example.com), then John Doe's email is sent using an IP listed for Mail-List.com.........and not from the IP Address of Doe.com.
In the case of John Doe -
His email should be coming from 123.45.678.9.
Instead, his email is coming from 987.65.432.1.......a Mail-List.com IP.
This mismatched IP Address will cause his email to be rejected or sent to Spam.
Can Mail-List.com fix this issue?
For any Sender's email that has a DMARC policy of Reject or Quarantine, Mail-List.com will automatically adjust the From: Header.
For example, let's say John's domain has DMARC set to Reject. In that case, we adjust the From: Header to look like this:
From: john at doe.com <firstname.lastname@example.org>
The address in the <angle brackets> is considered the sending email address by ISPs, while the rest of the words are just a comment or Friendly Name.
Does Mail-List.com check each Mailing List email?
Yes. Each time an email message is sent to the mailing list, we check for DMARC settings in DNS.
If DNS says p=reject or p=quarantine, then we alter the From: Header. We change it so the message does not come from the Author's domain name.
What if my Mailing List uses the @mail-list.com domain?
For any Lists using the Mail-List.com domain, no action is required.
When the DMARC policy is changed, we will notice automatically and take appropriate action.
What if my Mailing List uses its own domain?
Everything should work fine as long as there is no DMARC record or a policy=none for both the sub-domain and Organization Domain.
If your domain name has a DMARC policy of Reject or Quarantine, then we will need to adjust the From: Header to use the Mail-List.com domain. This is because our Envelope Sender and the From: Header will conflict, with the email being rejected.
Mailing List uses their own domain: lists.example.com
lists.example.com has DMARC set to Reject.
Original email: From: john at doe.com <email@example.com>
We change to: From: john at doe.com <firstname.lastname@example.org>