On Sat, Jul 15, 2023 at 10:04:18PM -0500, Thomas Cameron wrote:
> <dkim>pass</dkim>
> <spf>fail</spf>
> </policy_evaluated>

So, it fails SPF, but DKIM passes. Meaning, your mail would pass
normally modern servers which check both. 

If you do not want to receive such status messages, you should update
your DMARC records (currently _dmarc.camerontech.com indicates you
want to receive BOTH aggregate "rua=" and forensic "ruf=" reports;
and that you want to receive status updates when the message would've
passed normally via "fo=1")

> So it seems like my emails are being quarantined when I send them to mailing
> lists, even this one.

What? No. At least not in this report you shared. You seem to be
confusing "<policy_published>" section (which is just a dump of DNS
which that server sees) with actual "<result>"s leading to final
"<disposition>" of "none" (which is good, as opposed to "reject" or
"quarantine" which would not be).

You probably might want to use some nice frontend to visualizing
DMARC results, if reading XML and SPF/DKIM/DMARC protocol internals
is not second nature for you. 
e.g. https://github.com/topics/dmarc-reports

> > +1 for encouraging mailing list operators to get with the times.
> > 
> > You can also do as Robert suggests and use a separate (sub)domain for
> > mailing lists with different SPF settings thereon.
> 
> It's not so much mailing list operators I'm worried about. It's that, when
> my email goes through a listserv mailing list, if I define hard failures, I
> am worried that my email isn't going to get to list members. That's not the
> mailing list admin, it's the admins of the list members' mail servers. If
> I'm not understanding something, please feel free to clarify.

If mailing list is employing SRS, mail reaching final recipients
would not be failing SPF checkes, as envelope sender (i.e. SMTP's
"MAIL FROM: <xxxx>") would be rewritten as the mail is coming from 
mailing list domain and their servers (as it would), not yours.

See https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

Only if the mailing list remailing server leaves original (your)
envelope sender (which it shouldn't be doing, yet often does), would
you get such SPF problems. So, SPF problem is solvable from mailing
list server side, if its admins are willing.

Also, if your mails are signed by DKIM, and mailing list software is
not rewriting signed headers nor body (as it shouldn't, but some
mailing lists try to add annoying text to the bottom of messages like
"to unsubscribe, do xyz", thus breaking both DKIM, S/MIME and PGP
signatures), then your mail should pass DKIM checks too. 
So that problem is avoidable on mailing list server side too.

-- 
Opinions above are GNU-copylefted.

Reply via email to