On 10/26/25 12:01 PM, Marco Moock wrote:
> On 25.10.2025 22:50 Uhr monodev wrote:
>> On 10/25/25 9:28 PM, Marco Moock wrote:
>>> If a mailing list doesn't rewrite the MAIL FROM, SPF will fail and
>>> bounces (IIRC if subscribers have full inbox, deleted addresses
>>> etc.) will go to the original sender of the message.
>> This mailing list does rewrite the envelope from, but the DMARC
>> reports I receive after posting here -- from providers both big
>> (gmail, outlook, hotmail) and small -- still universally report SPF
>> failures.
> That is rather interesting.
> Is it known why SPF fails in that case?

When I look at the source for your email I find the domain "dorfdsl.de"
referenced in the following headers:
- From
- Message-ID
- List-Archive
- Authentication-Results
- References
The latter three wouldn't make much sense, and Authentication-Results
looks to be added by my setup through analyzing the From header. They
definitely are not using Message-ID, because postfix-users does not
change that, and does not have this issue. So it looks like they're
looking at header from for SPF, strangely enough.
I think most small mail providers use either rspamd or Mail::DMARC to
generate those reports, so their developers likely have better insight
into this.

> There are also lists that rewrite both envelope from and from, so the
> original domain isn't present. That fixes the DMARC issues.

It looks like doing that, using ARC, and adding a reply-to header for
off-list communication is the most standards-compliant setup. Not sure
how many mailing lists actually do that though, let alone mail providers
configuring their setup to work correctly with it (as stated mine
definitely doesn't, ignores ARC and reports broken DKIM).
Then again, from what I've read over the last 24 hours, ARC also has its
own problems and certain mail services have opted to ignore it
altogether as it can also be faked... So maybe instead of ARC, getting
rid of the original DKIM signature and re-signing the mail might be a
good idea?

At any rate, email is complex, and not even this list seems to be
applying the authentication aspects of it correctly. Hence looping back
to my original idea of email perhaps not being too suitable for the
public forum use case.

Cheers,
monodev
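
Added example, not part of the thread or of any list's software: a small model of DMARC identifier alignment (RFC 7489), showing how the SPF and DKIM results in a report's evaluated policy depend on the header From domain for the list setups discussed above. The domains, the `Message` fields and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels.
    # Real evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    # Strict alignment needs an exact match; relaxed compares organizational domains.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:
    header_from: str    # domain of the From: header (what DMARC keys on)
    envelope_from: str  # domain of MAIL FROM (what SPF itself checks)
    spf_pass: bool      # raw SPF result for envelope_from
    dkim_domain: str    # d= of the DKIM signature that was verified
    dkim_pass: bool     # whether that signature still verifies after the list

def dmarc_eval(m: Message) -> dict:
    # A mechanism counts for DMARC only if it passes AND its domain aligns with From.
    spf_ok = m.spf_pass and aligned(m.envelope_from, m.header_from)
    dkim_ok = m.dkim_pass and aligned(m.dkim_domain, m.header_from)
    return {"spf": "pass" if spf_ok else "fail",
            "dkim": "pass" if dkim_ok else "fail",
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

# Constructed scenarios (placeholder domains, not taken from the thread)
SCENARIOS = {
    "envelope rewritten, DKIM broken by list": Message(
        "author.example", "lists.list.example", True, "author.example", False),
    "envelope rewritten, DKIM intact": Message(
        "author.example", "lists.list.example", True, "author.example", True),
    "envelope and From rewritten, list re-signs": Message(
        "list.example", "lists.list.example", True, "list.example", True),
}

def report() -> dict:
    return {name: dmarc_eval(m) for name, m in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name}: {result}")
```

In the first two scenarios raw SPF passes for the list's envelope domain, yet the aligned SPF result is a fail because that domain differs from the author's From domain.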