On 11/21/19 9:45 PM, Wesley Peng wrote: > Greetings, > > When mail is relayed through mailing list, why the DMARC policy is > possible to reject? > > For example, I sent mail from x...@mail.ru to y...@googlegroups.com > > Since mail.ru has the strictest DMARC policy, the recepients may > choose to reject this mail which is relayed by googlegroups, the > reason is due to DKIM or SPF fails. > > So mailing list makes DKIM or SPF failed? > > Thank you for your helps. > > Regards. > The issue is that the way many mailing list work, if a person from a domain with strict DMARC policy sends a message to the mailing list, and it is altered in a way that makes it fail DKIM, (and it will fail SPF), so any attempted recipient from a domain that honors the DMARC policy will send a reject DSN to the mailing list, which may cause those recipients to get unsubscribed due to undeliverable mail.
It would seem unfair to punish the recipient for something they didn't do wrong, sending the reject DSN is the appropriate result. The real error is arguably the sending of an email to a mailing list from a domain that by its policies doesn't allow the use of that type of mailing list. The typical options for the mailing list are 1) Just not allow people from such domains to post to the list (the reject option you mention) 2) Rewrite the from address from people from such a domain to be from the domain of the list (often the list address). This is arguably discouraged by the email RFCs, as the from address should indicate the AUTHOR of the message, which is the original sender. It also can cause problems with identifying who sent the message, and can corrupt peoples address books if their program records that address as being associated with the sender. It can also make it harder to reply just to the sender. 3) Rewrite the message by wrapping it as an attachment, with the outer message being from the list. This has the problem that many clients won't handle the message in a useful manner. -- Richard Damon
