On 2021-05-13 17:52, Dominic Raferd wrote:
Understood. Good thinking but yes I cover this in my existing setup. I was thinking there must be a simpler way but no worries...
header From: can only be protected with dkim, and not by signing all forged domains that pass mailservr, god example is when mailservers resign mail in transfer, it breaks more then just arc sealing mail in transfer before dkim is breaked
postfix maillist have no spf, no dkim breakage, so spf will get spf none, spf helo none, but in dkim signed mail dkim pass, and if dmarc on header from dmarc pass
if just other maillist servers did this, it would not be needed with openarc, opendmarc
