On 12/02/2017 02:44, Viktor Dukhovni wrote:
> On Sun, Feb 12, 2017 at 02:40:09AM +0100, Josh Good wrote:
>> And I don't mean to be an annoyance, but why no subject [tags]?
>
> This list carefully avoids modifying the message headers and body.
> Therefore, this list requires no ugly DMARC work-around hacks. I
> am sure that we should keep it that way.

This thread has been informative, thank you to all contributors.

To go back to a point made by OP about SPF being 'good', it seems to me
that SPF is fundamentally and irretrievably flawed - and frankly should
be dropped. The fact that it works in 99.5% of situations just makes it
worse. Any email that is passed by a recipient through an intermediate
MTA (like all of mine, for instance) will have broken SPF when it
reaches its final destination MTA. It is impossible for the sender to
avoid this or indeed the recipient (unless they stop using an
intermediate relaying server, which may however be required for instance
to rewrite the destination mail address). Fortunately DMARC depends on
DKIM *or* SPF and it is very rare for legitimate emails from a
DMARC-enabled domain to fail DKIM and rely for success on passing SPF.

Secondly, IMO mailing lists should stop faking sender addresses and
instead should send either from the mailing list address or at least
from the mailing list domain e.g.
postfix-users-from-sender-at-domain....@postfix.org. That way the emails
could be fully DMARC-compliant and avoid problems even for original
senders with p=reject policy (for instance, Yahoo users).
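
The DMARC outcomes discussed in this thread, as an added example that is not part of the original messages: a simplified evaluator run over direct delivery, relay through an intermediate MTA, and three mailing-list behaviours. The domains, IPs and scenario names are constructed, and relaxed alignment is approximated by comparing the last two labels of each domain.

```python
from dataclasses import dataclass

# Constructed sample data (documentation IP ranges, example domains).
SPF_AUTHORIZED = {
    "example.com": {"192.0.2.10"},          # original sender's MTA
    "lists.example.org": {"198.51.100.5"},  # mailing list's MTA
}

@dataclass
class Delivery:
    header_from: str  # domain in the From: header (what DMARC protects)
    mail_from: str    # envelope sender domain (what SPF checks)
    client_ip: str    # IP connecting to the final destination MTA
    dkim: list        # (d= domain, signature still verifies) pairs

def org_domain(domain):
    # Assumption: last two labels stand in for a public-suffix lookup.
    return ".".join(domain.lower().split(".")[-2:])

def dmarc(d, policy="reject"):
    spf_pass = d.client_ip in SPF_AUTHORIZED.get(d.mail_from, set())
    spf_ok = spf_pass and org_domain(d.mail_from) == org_domain(d.header_from)
    dkim_ok = any(ok and org_domain(dom) == org_domain(d.header_from)
                  for dom, ok in d.dkim)
    # DMARC needs only one aligned mechanism to pass.
    return "pass" if (spf_ok or dkim_ok) else policy

SENDER, LIST = "example.com", "lists.example.org"
SCENARIOS = {
    # Sender's MTA delivers straight to the recipient.
    "direct": Delivery(SENDER, SENDER, "192.0.2.10", [(SENDER, True)]),
    # Recipient's intermediate MTA relays unchanged: SPF breaks, DKIM survives.
    "relayed": Delivery(SENDER, SENDER, "203.0.113.7", [(SENDER, True)]),
    # Same relay, but the sender never signed with DKIM.
    "relayed_no_dkim": Delivery(SENDER, SENDER, "203.0.113.7", []),
    # List leaves headers and body alone; SPF passes only for the list domain.
    "list_untouched": Delivery(SENDER, LIST, "198.51.100.5", [(SENDER, True)]),
    # List adds a subject tag, invalidating a signature that covers Subject.
    "list_tagged": Delivery(SENDER, LIST, "198.51.100.5", [(SENDER, False)]),
    # List sends From: its own domain and signs the result itself.
    "list_own_from": Delivery(LIST, LIST, "198.51.100.5",
                              [(SENDER, False), (LIST, True)]),
}

def evaluate_all(policy="reject"):
    return {name: dmarc(d, policy) for name, d in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name:16} {result}")
```
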