Listserv emails seen as a threat

I’m the mail administrator for a medical school. One of our faculty belongs to a listserv group, MEDLIB-L@LIST.UVM.EDU. When these emails would be received I’d see large spikes of email for our domain being identified as threat/unknown within dmarcian.com. I eventually stopped accepting these emails for our domain and the spikes stopped.

The faculty member who belonged to this group reached out to me to say that he wasn’t receiving any more of those emails. I’ve now been in contact with the listserv administrator and she says she can change the mail headers in a few different ways. In the end, I assume that the headers of these emails are the issue… they’re a bit different than what I would normally see. Is there a suggestion for which mail header should be used that may prevent these emails being seen as a threat?

Help for Mail Header Style

Normal LISTSERV-style header
“Full” mail headers (normally the default), containing Internet routing information, MIME headers, and so forth. The (‘To:’) header contains the address of the list.

LISTSERV-style, with list name in subject
“Full” mail headers (like the default) except that a “subject tag” is added to the subject line of mail coming from the list. If there is no subject tag defined in the list’s configuration, the name of the list will be used. This can be very useful for sorting and filtering mail.

"Dual" (second header in mail body)
Dual headers are regular short headers followed by a second header inside the message body. This second header shows what list the message is coming from (‘Sender:’), the name and address of the person who posted it (‘Poster:’), the poster’s organization, if present, and the message subject. Dual headers are helpful if your mail client does not preserve the original return email address.

sendmail-style (advanced option)
This option selects sendmail-style headers, i.e. an exact copy of the original, incoming mail header with the addition of a (‘Received:’) line and a (‘Sender:’) field. Some technical people prefer this type of header.

Normal LISTSERV-style (RFC 822 Compliant) (advanced option)
“Full” mail headers (like the default) except that the (‘To:’) header contains the recipient’s email address instead of the list address.

Thanks
Scott

Hello Scott,
I don’t have guidance on specific configuration of Listserv, but I believe that I understand what the problem is and can suggest potential workarounds. “sendmail-style” sounds like the best option, but there would also have to be no body modifications. Read on.
Since your domain is at p=reject, the delivery problem on the other side of the list is due to DMARC failures. The From header of the message from the list still has your domain, so DMARC will apply, but now neither SPF nor DKIM passes; SPF fails alignment since the list mails with its own mailfrom, and DKIM verification fails because the listserv software has updated headers and probably the message body as well.
Option 1 is along the lines of the “sendmail-style” header updates. But as mentioned, there would also have to be no body modification (or perhaps you configure DKIM signing for this user to only sign headers?).
2. Have this user communicate on the list from an address on a subdomain which you do not enforce DMARC on.
3. Ask that the list update the From address to be their own, not the original sender’s. This makes DMARC verification check+work against that domain rather than your own.
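
The alignment logic described in the reply above, as an added example that is not part of the original posts. It is a simplified DMARC evaluator with relaxed alignment; the domains `medschool.example` and `lists.example` are constructed placeholders, and the organizational-domain rule is a stated simplification.

```python
# Added example: simplified DMARC evaluation (relaxed alignment) for the
# scenarios in the reply above. All domains are constructed placeholders.

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a, b):
    return org_domain(a) == org_domain(b)

def dmarc_pass(header_from, mailfrom, spf_pass, dkim_sigs):
    """dkim_sigs: list of (d= domain, signature verified?) tuples."""
    # SPF only counts if it passed AND the MAIL FROM domain aligns with From:
    spf_ok = spf_pass and aligned(mailfrom, header_from)
    # DKIM only counts if a signature verifies AND its d= aligns with From:
    dkim_ok = any(ok and aligned(d, header_from) for d, ok in dkim_sigs)
    return spf_ok or dkim_ok

SENDER = "medschool.example"   # constructed: domain publishing p=reject
LIST = "lists.example"         # constructed: the list host's domain

def scenarios():
    return {
        # Sent directly from the school's own servers.
        "direct": dmarc_pass(SENDER, SENDER, True, [(SENDER, True)]),
        # List uses its own MAIL FROM and edits headers/body, so SPF is
        # unaligned and the original signature no longer verifies.
        "list_modified": dmarc_pass(SENDER, LIST, True, [(SENDER, False)]),
        # Option 1: exact copy relayed; assumes the original signature
        # still verifies after the list adds its own header lines.
        "list_unmodified": dmarc_pass(SENDER, LIST, True, [(SENDER, True)]),
        # Option 3: list rewrites From: to its own domain and signs itself.
        "list_from_rewrite": dmarc_pass(LIST, LIST, True, [(LIST, True)]),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:18} DMARC {'pass' if ok else 'fail'}")
```

Option 2 does not change the pass/fail result for list mail; it changes which policy the receiver applies to the failure.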

Hi Scott
Hope this link may help with your issue.
https://www.lsoft.com/news/dmarc-issue1-2018.asp

Thanks
Mark