On 2022-08-24 15:18, Kevin J. McCarthy wrote: > On Wed, Aug 24, 2022 at 08:15:21PM +0200, Jan Eden wrote: > > I was under the impression that earlier issues with DMARC, DKIM and SPF > > with respect to mailing lists were solvable (cf. > > https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html), but this > > does not seem to be the case. Is there anything I can do myself to avoid > > such problems? My DMARC setup works fine for messages sent directly to > > recipients at Gmail, Yahoo, Comcast etc. > > I think OSUOSL implemented a DKIM filter some time in June, probably due to > lots of bounce-unsubscribe issues with other mailing customers. However, > this is probably causing your DMARC policy to fail, since the signature is > missing (or renamed). > > The Mutt lists already munge the From header for p=reject emails. I haven't > enabled it for p=quarantine, but this is a Mailman option I can control. > > Does anyone have feedback before I enable that?
Thank you for considering a changed configuration. FWIW, this is how my
own mail server handles my message to mutt-users (delivered via
smtp1.osuosl.org [140.211.166.138]):
Authentication-Results: mail.eden.one;
dkim=none;
dmarc=fail reason="SPF not aligned (strict), No valid DKIM"
header.from=eden.one (policy=none);
spf=pass (mail.eden.one: domain of [email protected]
designates 140.211.166.138 as permitted sender)
[email protected]
It reports a successful SPF authentication result, as does
outlook.com, but both servers still report a SPF failure overall:
<record>
<row>
<source_ip>140.211.166.138</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<envelope_to>outlook.com</envelope_to>
<envelope_from>mutt.org</envelope_from>
<header_from>eden.one</header_from>
</identifiers>
<auth_results>
<spf>
<domain>mutt.org</domain>
<scope>mfrom</scope>
<result>pass</result>
</spf>
</auth_results>
</record>
- Jan
signature.asc
Description: PGP signature
