How handles DMARC Reject settings will automatically compensate for any domains that have set up DMARC policies of Reject or Quarantine

DMARC and Mailing Lists do not play well together

Traditionally, mailing lists keep the Author's email address in the From header of messages sent to the subscribers of the mailing list.

The server sending the message to the subscriber belongs to the mailing list service, not the Author of the message.

The DMARC specification says that the envelope domain and From header domain must match, at least at the Organization Domain (aka OD) level.  That is called "alignment check". If the DMARC policy has "aspf=s" (strict mode), the two domains must match exactly.  If the policy has "aspf=r" (relax mode) or no "aspf", the ODs must match.

When the mail receiver side tries to discover the DMARC policy from DNS, it shall first try the From header domain.  If no such DNS record is defined, it will continue to look at the OD of that domain.

From: John Doe <>

SPF defines where emails should originate

SPF records in DNS list the valid IP addresses that email should come from.

DMARC define whether emails should be rejected

DMARC records in DNS can ask other ISP's to reject email not from those designated IP Addresses in SPF.

DMARC policy of Reject or Quarantine

Tells other ISP to Reject or put in the spam folder any emails that arrive from IP addresses other than those specified in the SPF record for that domain

Therefore, messages from your subscribers to mailing lists will never reach the other people on the mailing list will automatically adjust the From: header

For any Author's email that has DMARC policy of Reject or Quarantine

From: john at <>

The address in the angle brackets is considered the email address, while the rest of the words are just a comment or Friendly Name

Each time an email message is sent to the mailing list, will check for DMARC settings in DNS

If DNS says p=reject or p=quarantine

Then will alter the From: header, so that it does not come from the Author's domain name

Therefore, domains with subscribers on mailing lists do not have to take any action

When the DMARC policy is changed, we will notice automatically and take appropriate action.

Mailing lists using their own domain names should work fine

Assuming they have no DMARC record, or a policy=none, for both the sub-domain and Organization Domain.

From: john at <>

Unless their domain name has a DMARC policy of reject or quarantine.  Since our Envelope Sender and the From: header will conflict, we will use our domain name in the From: header

From: john at <>



Add your comment

E-Mail me when someone replies to this comment