• Log In
  • Sign Up
  • Contact Us
PowerDMARC
  • Features
    • PowerDMARC
    • Hosted DKIM
    • PowerSPF
    • PowerBIMI
    • PowerMTA-STS
    • PowerTLS-RPT
    • PowerAlerts
  • Services
    • Deployment Services
    • Managed Services
    • Support Services
    • Service Benefits
  • Pricing
  • Power Toolbox
  • Partners
    • Reseller Program
    • MSSP Program
    • Technology Partners
    • Industry Partners
    • Find a partner
    • Become a Partner
  • Resources
    • DMARC: What is it and How does it Work?
    • Datasheets
    • Case Studies
    • DMARC in Your Country
    • DMARC by Industry
    • Support
    • Blog
    • DMARC Training
  • About
    • Our company
    • Clients
    • Contact us
    • Book a demo
    • Events
  • Menu Menu

DMARC and Mailing Lists

Blogs
DMARC and Mailing Lists

When an email is sent via a mailing list, the original sender’s identity is hidden. This means that the DMARC policy for any domains involved in the mailing list can’t be used to identify the sending domain or determine whether it should be considered legitimate using SPF authentication. This issue can however be resolved. 

What is a Mailing List?

If you’re not already familiar with the term “mailing list,” it’s a group of people who receive information from you via email. You can create a mailing list for any purpose, but most often they are used to send newsletters or updates about your business.

Example: MailChimp Email Builder

Mailing lists can be used for many purposes:

  • They let you send out newsletters and promotions without having to worry about spam filters or getting people’s emails wrong (or worse, accidentally sending emails to the wrong person).
  •  They help you connect with potential customers who wouldn’t normally see your advertising.
  • They can help you build trust with your followers by providing them with exclusive information that they won’t find anywhere else (like sneak peeks at new products or discounts on future purchases).

How does DMARC work?

DMARC uses a few different methods to identify the sending domain and check whether it should be considered legitimate:

  1. The Sender Policy Framework (SPF) record identifies which IP addresses are permitted to send emails with a particular domain name. An SPF record can include information about subdomains as well.
  2. The DomainKeys Identified Mail (DKIM) DNS record contains information about the cryptographic keys used by this domain for signing messages and verifying their signatures. Emails with valid DKIM signatures will be delivered; those without valid signatures will not be delivered or may have their headers modified so that they’re marked as spam by recipients’ email clients.

How can the usage of Mailing Lists affect your DMARC policies?

If your email marketing provider uses DMARC to protect your emails, you’re in good shape. But sometimes there are issues when emails are being sent via mailing lists or from third-party platforms.

Let’s visualize email flow using a mailing list:

mailing list

Since the mail flow isn’t direct and passes through an intermediary listing server to reach the inboxes of your list members, the header and body information gets altered during the transfer. 

This leads to: 

  • SPF fail due to an altered return-path address 
  • DKIM fail due to modifications to the message body

How to bypass the problem with Mailing Lists?

1. Configure your DMARC policy at none 

If you want to make sure your emails don’t fail delivery due to a failed SPF or DKIM check when they are sent via a mailing list, you can configure your DMARC policy at none. This enables you to get your emails delivered to the inboxes of your list of members even if they fail authentication. 

Word of caution: However, it is important to remember that a relaxed policy like p=none will not shield you from brand impersonation attacks like phishing and spoofing. 

mailing list

2. Specify IP addresses for all intermediary listing servers in your domain’s SPF record 

Another way you can ensure that your emails don’t fail authentication in the first place is by specifying the IP addresses of all intermediary listing servers in your domain’s SPF record. This will help your receiver identify them as legitimate senders for your domain during an SPF lookup. 

mailing list

Note: Third-party domains and IPs can add to the number of DNS lookups per session and make you quickly exceed the RFC-specified limit for SPF. To make sure you stay under the limit at all times, configure an SPF Flattening tool for your domain.

3. Using Authenticated Received Chain (ARC)

ARC helps avoid authentication failures triggered by mailing lists by keeping a live track of an email’s original email headers and signatures throughout the message delivery process. This helps email receiving servers validate the senders properly, without any false negatives.

mailing list

  • About
  • Latest Posts
Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
Latest posts by Ahona Rudra (see all)
  • Methods To Protect Yourself From Identity Theft - September 29, 2023
  • The Role of DNS in Email Security - September 29, 2023
  • New Age Phishing Threats and How to Plan Ahead - September 29, 2023
October 10, 2022/by Ahona Rudra
Tags: Dmarc and mailing lists, DMARC mailing list, mailing list, mailing list error, mailing lists
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail

Secure Your Email

Stop Email Spoofing and Improve Email Deliverability

15-day Free trial!


Categories

  • Blogs
  • News
  • Press Releases

Latest Blogs

  • Methods To Protect Yourself From Identity Theft
    Methods To Protect Yourself From Identity TheftSeptember 29, 2023 - 12:11 pm
  • The Role of DNS in Email Security
    The Role of DNS in Email SecuritySeptember 29, 2023 - 12:08 pm
  • New Age Phishing Threats and How To Plan Ahead
    New Age Phishing Threats and How to Plan AheadSeptember 29, 2023 - 12:06 pm
  • How to View and Analyze Message Headers Online
    How to View and Analyze Message Headers Online?September 26, 2023 - 12:59 pm
logo footer powerdmarc
SOC2 GDPR PowerDMARC GDPR comliant crown commercial service
global cyber alliance certified powerdmarc csa

Knowledge

What is Email Authentication?
What is DMARC?
What is DMARC Policy?
What is SPF?
What is DKIM?
What is BIMI?
What is MTA-STS?
What is TLS-RPT?
What is RUA?
What is RUF?
AntiSpam vs DMARC
DMARC Alignment
DMARC Compliance
DMARC Enforcement
BIMI Implementation Guide
Permerror
MTA-STS & TLS-RPT Implementation Guide

Tools

Free DMARC Record Generator
Free DMARC Record Checker
Free SPF Record Generator
Free SPF Record Lookup
Free DKIM Record Generator
Free DKIM Record Lookup
Free BIMI Record Generator
Free BIMI Record Lookup
Free FCrDNS Record Lookup
Free TLS-RPT Record Checker
Free MTA-STS Record Checker
Free TLS-RPT Record Generator

Product

Product Tour
Features
PowerSPF
PowerBIMI
PowerMTA-STS
PowerTLS-RPT
PowerAlerts
API Documentation
Managed Services
Email Spoofing Protection
Brand Protection
Anti Phishing
DMARC for Office365
DMARC for Google Mail GSuite
DMARC for Zimbra
Free DMARC Training

Try Us

Contact Us
Free Trial
Book Demo
Partnership
Pricing
FAQ
Support
Blog
Events
Feature Request
Change Log
System Status

  • Français
  • Dansk
  • Nederlands
  • Deutsch
  • Русский
  • Polski
  • Español
  • Italiano
  • 日本語
  • 中文 (简体)
  • Português
  • Norsk
  • Svenska
  • 한국어
© PowerDMARC is a registered trademark.
  • Twitter
  • Youtube
  • LinkedIn
  • Facebook
  • Instagram
  • Contact us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Security Policy
  • Compliance
  • GDPR Notice
  • Sitemap
What are Malicious Email Attachments?What are Malicious Email AttachmentsWhat is BEC 02What Is Business Email Compromise?
Scroll to top