On Aug 6, 2015, at 4:25 PM, Heiko Richter <em...@heikorichter.name> wrote: > Whenever I post something to the list (I'm not using SMTP, I'm using a > usenet server to post to comp.protocols.dns.bind), my postmaster > address receives DMARC notifications from list members that have > employed this wonderful protocol on their servers, telling me my > message had been rejected for violating my SPF policy. > > My SPF record doesn't include lists.ist.org <http://lists.ist.org/>, of > course and it never > will. Furthermore it ends with "-all" so all my messages to the list > are being rejected by list members who have spf aware servers.
DMARC makes assumptions which do not play nicely with mailing lists-- in particular, a mailing list is always going to want to use a bounce address within it's own domain to notice failing delivery-- so SPF usually isn't going to match. The choices I see are to either list the mailservers of the mailing lists you participate on in your SPF records, convince the folks receiving your mail to whitelist the ISC mailing servers from SPF / DMARC checks, and/or change your SPF policy from -all to something less strict. Otherwise, accept that the choices you've made mean the messages you send will frequently bounce. > So ISC: please fix your list servers, let them rewrite the From headers! How would this help? Changing the From header breaks your domain's DKIM signing; are you asking them to take ownership of your messages and then DKIM sign them on behalf of isc.org? That breaks normal email replies. Even the DMARC FAQ is honest enough to note that every alternative has major cons: https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F Regards, -- -Chuck
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
