Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Emails use forged From header #321

Open
bgilbert opened this issue Sep 29, 2015 · 5 comments
Open

Emails use forged From header #321

bgilbert opened this issue Sep 29, 2015 · 5 comments

Comments

@bgilbert
Copy link

Community's emails put the sender's real email address in From and add a Community-specific Reply-To. Because of DMARC, forged From addresses are probably not very deliverable anymore. (Note that neither GitHub nor Zulip uses them.)

I noticed this because GMail routed a Yahoo user's post into my Spam folder. (The GMail UI was pretty specific about the cause, but unfortunately I don't have the exact text anymore.) In fact, both Google and Yahoo declare p=reject, not p=quarantine, so I'm not sure why emails from those users are getting through at all.

In addition, the forged From makes GMail's "Always display images from this sender" link (for permitting the web beacon) useless, since I'd have to click it once for each Recursor.

@zachallaun
Copy link
Member

These are all valid points, and I'd like to solve these problems. We forge From to make it easy for people to reply off-list. (We used to send all emails with From set to a Community email, similar to Github and Zulip, but there were a number of complaints and requests for an easier way to send off-list responses.)

We set other various headers that (hopefully) make it obvious that we're a mailing list and increase deliverability, e.g. all of the List-* headers.

Anyways, I'd like to come to a solution that maximizes deliverability and makes it easy/obvious to people how they should respond to each other off-list.

@bgilbert
Copy link
Author

bgilbert commented Oct 5, 2015

If the goal is that recipients shouldn't have to manually look up the sender's address, you could put it into the message footer (with a mailto link in the HTML part). That's a bit awkward, but OTOH recipients already can't just hit "reply" because of the Reply-To.

(Correction: google.com sets p=reject but gmail.com sets p=none, so the current situation is not quite as bad as I said.)

@strugee
Copy link
Member

strugee commented May 13, 2017

Maybe this is too much of a niche case to justify this but one other possible way to solve this would be to add an option that let the user configure this. From would be set to an RC address and the user could choose whether the mailing list address or the poster's private address ended up in Reply-To.

@FiloSottile
Copy link
Member

I tried working around this by setting include:mail.community.recurse.com in my SPF, but that doesn't work if the SMTP envelope domain is different. https://stackoverflow.com/questions/33288490/dmarc-spf-dkim-not-authenticating-with-third-party-mail

I really think we should change the From address to [email protected]. I lost two threads to this so far :(

@davidbalbert
Copy link
Member

I will try and look into this and #362 soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants