Emails use forged From header

[bgilbert]

Community's emails put the sender's real email address in From and add a Community-specific Reply-To. Because of DMARC, forged From addresses are probably not very deliverable anymore. (Note that neither GitHub nor Zulip uses them.)

I noticed this because GMail routed a Yahoo user's post into my Spam folder. (The GMail UI was pretty specific about the cause, but unfortunately I don't have the exact text anymore.) In fact, both Google and Yahoo declare p=reject, not p=quarantine, so I'm not sure why emails from those users are getting through at all.

In addition, the forged From makes GMail's "Always display images from this sender" link (for permitting the web beacon) useless, since I'd have to click it once for each Recursor.

[zachallaun]

These are all valid points, and I'd like to solve these problems. We forge From to make it easy for people to reply off-list. (We used to send all emails with From set to a Community email, similar to Github and Zulip, but there were a number of complaints and requests for an easier way to send off-list responses.)

We set other various headers that (hopefully) make it obvious that we're a mailing list and increase deliverability, e.g. all of the List-* headers.

Anyways, I'd like to come to a solution that maximizes deliverability and makes it easy/obvious to people how they should respond to each other off-list.

[bgilbert]

If the goal is that recipients shouldn't have to manually look up the sender's address, you could put it into the message footer (with a mailto link in the HTML part). That's a bit awkward, but OTOH recipients already can't just hit "reply" because of the Reply-To.

(Correction: google.com sets p=reject but gmail.com sets p=none, so the current situation is not quite as bad as I said.)

[strugee]

Maybe this is too much of a niche case to justify this but one other possible way to solve this would be to add an option that let the user configure this. From would be set to an RC address and the user could choose whether the mailing list address or the poster's private address ended up in Reply-To.

[FiloSottile]

I tried working around this by setting include:mail.community.recurse.com in my SPF, but that doesn't work if the SMTP envelope domain is different. https://stackoverflow.com/questions/33288490/dmarc-spf-dkim-not-authenticating-with-third-party-mail

I really think we should change the From address to ...@mail.community.recurse.com. I lost two threads to this so far :(

[davidbalbert]

I will try and look into this and #362 soon.