On Fri, Aug 24, 2018 at 04:36:28PM -0400, Andrew Sullivan wrote: > On Fri, Aug 24, 2018 at 02:10:00PM -0500, Ryan Beethe wrote: > > Also it is my understanding that SPF and DKIM suffer the same > > issues... if the mailing list is configured incorrectly then when I > > receive an email from a list it won't pass SPF and/or DKIM. > > The ways stuff breaks differs depending on the SPF and DKIM > arrangement. DMARC was an attempt to wed these two technologies in a > deployable way, and in fact it broke every mailing list > automatically. But since the Big Guys wanted it, that's what we got > anyway. So it isn't so much the list that is broken, but the approach. > > Basically, an infrastructure that depends on the ability to connect > people with no pre-existing relationship through arbitrary > intermediate points cannot work unless the abuse potential is opened > unacceptably wide. :(
That all makes sense. So now I think I understand that, of the following three steps I listed initially: - Non-SASL mail w/ env From matching my domain - Non-SASL mail w/ Sender matching my domain - Non-SASL mail w/o Sender: and hdr From matching my domain the first of those would be covered by SPF, since I'm in control of my own SPF policy. But the other two would not be affected by SPF at all, and in general are not redundant, because DKIM is going to be broken for a lot of incoming mailing list mail, but the rules I have would still apply. So I still have this question: would the last two rules listed above play nice with mailing lists in general? Is there an appreciable contingent of mailing lists which don't list themselves in either the >From OR the Sender? I think that would be the only problem. Ryan
