Hi,
On Wed, May 27, 2026 at 08:55:30PM -0500, Greg Marks wrote:
> Here is what I see for the message digest on which this thread first
> appeared:
>
> X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on debian
> X-Spam-Level:
> X-Spam-Status: No, score=0.2 required=5.0 tests=DMARC_NONE,
> HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H3,
> RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,T_TVD_MIME_EPI,
> T_TVD_MIME_NO_HEADERS autolearn=no autolearn_force=no version=4.0.1
>
> So, it's very far from being considered spam by SpamAssassin. Of course,
> different contents of the digest might change that.
The message was very far from being considered spam by *Debian's*
SpamAssassin at the point where the list server accepted it, but that
has little to do with whatever decision the OP's inbox provider might
make about it at the point where it receives the mail from Debian.
A common issue is that there either won't be a DKIM signature or there
will be a broken one from the original sender. According to RFC a broken
DKIM signature is supposed to be treated the same way as a missing one,
but that isn't always honoured.
Another issue is if the sending domain sets a restrictive DMARC policy.
Mails from this list should pass a DMARC check because only one of DKIM
or SPF is needed to do so, and lists.debian.org does have SPF, but
again, this doesn't always seem to be enough.
This is just the state of email today.
groups.io tends to have better deliverability because they rewrite the
from address to be themselves ("From: Some User via somelist
<[email protected]>") which enables them to DKIM sign and take full
responsibility, so DKIM and SPF will both pass and consequently DMARC
will as well. With the obvious usability downsides.
OP is going to have to learn more about allowlisting senders on their
inbox provider.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
