On 15/07/21 1:07 am, Bill Cole wrote:
If you want to post to discussion mailing lists, you should either use
a From address in a domain without any DMARC record or publish one
with a p=none policy and sign your messages with DKIM, even though
they are likely to be broken by the mailing list.
This is not entirely necessary. If you send to a list, using a From
address in a domain that has a DMARC policy (i.e. with p=quarantine or
p=reject), then provided that the message is properly DKIM-signed by the
From domain and hasn't been modified in a way that breaks that
signature, then there is no problem. The reason is because the DKIM
check still passes, and DMARC only requires the SPF check /or/ the DKIM
check to pass, it doesn't need both.
The main problem I've seen is when someone sends an email to a list,
using a From address in a domain that has a DMARC policy, where the
domain doesn't DKIM-sign the messages. In this case, because the mailing
list forwards the email using a different envelope address, there is no
way that DMARC can be satisfied.
In my experience DMARC works well if you set it up properly. But
unfortunately there are many opportunities for mail server
administrators to set it up badly, and that's when it causes problems.
And FWIW, I've never seen evidence of any DKIM signature breakage from
this mailing list (i.e. Postfix Users). But perhaps other mailing list
software might be problematic?
Nick.
