On Sat, Jul 15, 2023 at 10:04:18PM -0500, Thomas Cameron wrote: > <dkim>pass</dkim> > <spf>fail</spf> > </policy_evaluated>
So, it fails SPF, but DKIM passes. Meaning, your mail would pass normally modern servers which check both. If you do not want to receive such status messages, you should update your DMARC records (currently _dmarc.camerontech.com indicates you want to receive BOTH aggregate "rua=" and forensic "ruf=" reports; and that you want to receive status updates when the message would've passed normally via "fo=1") > So it seems like my emails are being quarantined when I send them to mailing > lists, even this one. What? No. At least not in this report you shared. You seem to be confusing "<policy_published>" section (which is just a dump of DNS which that server sees) with actual "<result>"s leading to final "<disposition>" of "none" (which is good, as opposed to "reject" or "quarantine" which would not be). You probably might want to use some nice frontend to visualizing DMARC results, if reading XML and SPF/DKIM/DMARC protocol internals is not second nature for you. e.g. https://github.com/topics/dmarc-reports > > +1 for encouraging mailing list operators to get with the times. > > > > You can also do as Robert suggests and use a separate (sub)domain for > > mailing lists with different SPF settings thereon. > > It's not so much mailing list operators I'm worried about. It's that, when > my email goes through a listserv mailing list, if I define hard failures, I > am worried that my email isn't going to get to list members. That's not the > mailing list admin, it's the admins of the list members' mail servers. If > I'm not understanding something, please feel free to clarify. If mailing list is employing SRS, mail reaching final recipients would not be failing SPF checkes, as envelope sender (i.e. SMTP's "MAIL FROM: <xxxx>") would be rewritten as the mail is coming from mailing list domain and their servers (as it would), not yours. See https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme Only if the mailing list remailing server leaves original (your) envelope sender (which it shouldn't be doing, yet often does), would you get such SPF problems. So, SPF problem is solvable from mailing list server side, if its admins are willing. Also, if your mails are signed by DKIM, and mailing list software is not rewriting signed headers nor body (as it shouldn't, but some mailing lists try to add annoying text to the bottom of messages like "to unsubscribe, do xyz", thus breaking both DKIM, S/MIME and PGP signatures), then your mail should pass DKIM checks too. So that problem is avoidable on mailing list server side too. -- Opinions above are GNU-copylefted.
