We host many journals with editors from many different external organisations so we have set in config.inc.php:
default_envelope_sender = noreply@our.domain
force_default_envelope_sender = On
This results in the envelope sender (MAIL FROM/Return-Path) being set to default_envelope_sender, but the From: header is still set to the address of the editor, which is often a domain that we are not authorized to send mail on behalf of.
We are now getting complaints that this is in violation of DMARC and I’m told that to fix it the envelope address and the From: header address must match. I’m not sure if that is a correct interpretation of DMARC rules, but the DMARC FAQ seems to suggest that in our case it would work since we are authorized to send mail on behalf of the default_envelope_sender domain.
To that end I’ve done this modification to Mail.inc.php:
diff --git a/lib/pkp/classes/mail/Mail.inc.php b/lib/pkp/classes/mail/Mail.inc.php
index 207f56da8..c809ed986 100644
--- a/lib/pkp/classes/mail/Mail.inc.php
+++ b/lib/pkp/classes/mail/Mail.inc.php
@@ -488,7 +488,14 @@ class Mail extends DataObject {
}
if (($s = $this->getEnvelopeSender()) != null) $mailer->Sender = $s;
if (($f = $this->getFrom()) != null) {
- $mailer->SetFrom($f['email'], $f['name']);
+ # If we have forced the envelope sender, then add the original from to the Reply-To header
+ # and override the From: header with the envelope sender.
+ if (Config::getVar('email', 'force_default_envelope_sender') && Config::getVar('email', 'default_envelope_sender')) {
+ $mailer->AddReplyTo($f['email'], $f['name']);
+ $mailer->SetFrom(Config::getVar('email', 'default_envelope_sender'), '');
+ } else {
+ $mailer->SetFrom($f['email'], $f['name']);
+ }
}
if (($r = $this->getReplyTo()) != null) {
$mailer->AddReplyTo($r['email'], $r['name']);
This change was inspired by pkp/pkp-lib#1723: force_default_envelope_sender moves the traditional from to a reply-to for DMARC compliance by ctgraham · Pull Request #1724 · pkp/pkp-lib · GitHub and it seems to be working in my limited testing in that it shifts the contents of the From header to a Reply-To header and then sets the From header to the default_envelope_sender.
Thoughts? Is this the right way to go?