Mailing Lists and DMARC

Our DMARC deployment experts often hear from customers about email from mailing lists not being delivered. Have you run up against this challenge in your DMARC project?

The complication with mailing lists and DMARC is at the core of what makes DMARC tick—identifier alignment. Alignment refers to the relationship between the domain in the From: header address and the domains associated with SPF and DKIM authentication checks. Alignment requires that these domains match and only emails that are aligned can pass DMARC.

Emails served up by a mailing list typically don’t make it to the inbox because the sending From: header isn’t aligned with SPF or DKIM from the sending domain. As dmarc.org explains, “the From: header in the email will not contain the domain name of the mailing list, and if the mailing list adds DKIM to all its emails, DKIM d= will not match. If the domain in the From: header is from an organization that publishes a DMARC record, the email is likely to not be delivered.”

The good news is that mailing list software is evolving to address the conflict with DMARC by rewriting the From: header to prevent spoofing and using a reply-to header.

To address the email delivery failure from mailing lists, “the only reasonable option is to have the mailing list server handle DMARC properly,” says Ash Morin, dmarcian’s Director of Deployment. “The majority of leading mailing list software have already implemented a DMARC fix in recent versions.”

If you use Mailman, check out their DMARC guidance here. LISTSERV talks about complying with DMARC here. If you use mailing list software that doesn’t address DMARC inoperability automatically, the best route is to contact the list administrator to find the best route forward in making DMARC compatible.

Here’s a complementary piece where we cover How Email Forwarding Affects DMARC.

If you need any assistance deploying DMARC, we’re here to help. You can register for a free trial with no strings attached, and we’ll help you along the way.

Feel free to use our DMARC research and testing tools; they are available to everyone, even if you don’t have a dmarcian account.

Want to continue the conversation? Head over to the dmarcian Forum.