Mail from myself says “improperly forwarded” when writing to a mailing list

[Watilin]

• Which browser (+ version)?
  • Palemoon 27.7.1 (but I’d say it’s not relevant)
• Which OS (+ version)?
  • Windows 7 32bit (idem)
• Which layout mode?
  • Column mode (idem)
• Which threading mode?
  • Conversation mode (idem)
• Can you reproduce the problem each time?
  • Yes
• Which url?
  • Not sure what to answer… https://mail.protonmail.com/inbox/?

What steps will reproduce the problem?

1. Have a mailing list address on which you have write permission— for privacy purposes I cannot disclose the address of the list I use
2. Send an email with any contents to that list
3. Wait a moment…
4. Check inbox (or spam) folder and find the copy of your message that went through the list

What is the expected result?

The received email should never go to the spam folder, and you shouldn’t be warned about the email being improperly forwarded.

What happens instead?

The received email sometimes goes to the spam folder, and you notice a red warning box containing this message:

This email seems to be from a ProtonMail address but came from outside our system and failed our authentication requirements. It may be spoofed or improperly forwarded!

Please provide any additional information below. Attach a screenshot if possible.

[bartbutler]

It's sort of a problem with mailing lists and DMARC in general that's not super-fixable.

https://blogs.msdn.microsoft.com/tzink/2015/05/28/solving-the-problem-of-dmarcs-incompatibility-with-mailing-lists-part-1/

We could change the the message when it's a mailing list but we shouldn't hide it entirely, because spammers can just put mailing list headers in their spam.

We could hide this message if the email is in the spam whitelist perhaps. Could still be issues with other clients reading the message.

[Watilin]

Actually what I thought is a bug here, is the fact that the email comes from myself and ProtonMail should be able to recognize this case. Maybe by comparing message hashes client-side or something. … But now I realize this might be overly complex, and wouldn’t be worth the development time put into it.

Closing the issue :)

[bartbutler]

Yeah, fundamentally this is sort of a 'standard' problem with DMARC (which we use for our domains) and mailing lists. Some reading if you'd like to learn more:

https://blogs.msdn.microsoft.com/tzink/2015/05/28/solving-the-problem-of-dmarcs-incompatibility-with-mailing-lists-part-1/