Yes, it makes sense. The latest versions of mailing list software (Sympa since 6.2.6, Dada Mail since 7.0.2, Mailman since 2.1.16, GroupServer since 14.06) support a From rewrite feature for domains with restrictive DMARC; it makes mailing list software compatible with DMARC. It may be required to enable some option like "Sending on behalf of" / "Munge the From: header". If somebody doesn't have this feature enabled, he should. Services like Google Groups also implement the same behavior.
In the future, the ARC protocol https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-21 may help to authenticate messages sent via an indirect message flow like this for some well-known/trusted forwarders (e.g. from known mailing lists).

27.11.2018 2:35, Roland Turner wrote:
> Right. This is the envelope sender (5321.MAIL FROM). It doesn't align
> with linktechs.net, so won't contribute to a DMARC pass.
>
> Why does the message have an author/5322.From: address in the
> linktechs.net domain, but not a valid DKIM signature? This looks like
> a typical list-breaks-DKIM scenario:
>
>   * You're a member of the WISPA board
>   * You post to bo...@wispa.org
>   * The list expander sends a copy of the message back to you, with
>     your email address still appearing in 5322.From:
>   * But the list expander has changed the message in a way that breaks
>     DKIM
>   * The list expander does change the 5321.MAIL FROM to board-bounces,
>     but SPF would have failed anyway, so this does not create a new
>     problem
>   * The message reaches linktechs.net, showing a linktechs.net
>     5322.From, but with an unaligned 5321.MAIL FROM and a broken DKIM
>     signature, so DMARC fails. The published policy requests
>     rejection, so that's what happens.
>
> Does this make sense?
>
> - Roland
>
>
> On 27/11/18 3:36 am, Dennis Burgess via dmarc-discuss wrote:
>>
>> Nov 26 11:40:44 filter1 opendmarc[21194]: 406A610E1FC: SPF(mailfrom):
>> board-boun...@wispa.org none
>>
>> *Dennis Burgess, Mikrotik Certified Trainer*
>> Author of "Learn RouterOS- Second Edition”
>> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>> *Office*: 314-735-0270 Website: http://www.linktechs.net
>> Create Wireless Coverage’s with www.towercoverage.com
>>
>> *From:* Vladimir Dubrovin <dubro...@corp.mail.ru>
>> *Sent:* Monday, November 26, 2018 1:28 PM
>> *To:* Dennis Burgess <dmburg...@linktechs.net>; dmarc-discuss@dmarc.org
>> *Subject:* Re: [dmarc-discuss] DMARC oddity
>>
>> You see envelope-from (aka RFC 5321.mailfrom) address in logs, while
>> DMARC checks policy against From: header (RFC 5322.From),
>> envelope-from and From: may differ.
>>
>> 26.11.2018 22:17, Dennis Burgess via dmarc-discuss wrote:
>>
>>     Got an odd one, getting e-mails from another domain rejected
>>     based on the recipient's domain policy?
>>
>>     Nov 26 11:40:44 filter1 postfix/cleanup[63990]: 406A610E1FC:
>>     milter-reject: END-OF-MESSAGE from
>>     filter1.linktechs.email[127.0.0.1]: 5.7.1 rejected by DMARC
>>     policy for linktechs.net; from=<board-boun...@wispa.org>
>>     to=<dmburg...@linktechs.net> proto=ESMTP
>>     helo=<spam.techwebhosting.net>
>>
>>     Nov 26 11:40:44 filter1 postfix/smtpd[64109]: <
>>     inet:127.0.0.1:10020: 550 5.7.1 rejected by DMARC policy for
>>     linktechs.net
>>
>>     Nov 26 11:40:44 filter1 postfix/smtpd[64109]: >
>>     spam.techwebhosting.net[216.146.225.112]: 550 5.7.1 rejected by
>>     DMARC policy for linktechs.net
>>
>>     Linktechs.net yes says not to accept mail from other mailservers,
>>     but this is a wispa.org domain that doesn't have DMARC or even an
>>     SPF record? Why does it use the to domain to look up DMARC policy?
>>
>>     _______________________________________________
>>     dmarc-discuss mailing list
>>     dmarc-discuss@dmarc.org
>>     http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>>
>>     NOTE: Participating in this list means you agree to the DMARC Note Well
>>     terms (http://www.dmarc.org/note_well.html)
>>
>> --
>> Vladimir Dubrovin
>> @Mail.Ru

--
Vladimir Dubrovin
@Mail.Ru
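Added example (not part of the original thread): a minimal Python model of the DMARC decision discussed above, showing why the list copy is rejected and why From rewriting avoids it. The policy table, the two-label organizational-domain shortcut and the three sample messages are constructed assumptions based on what the thread states.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy table: linktechs.net requests rejection and
# wispa.org publishes no DMARC record (both as stated in the thread).
POLICIES = {"linktechs.net": "reject"}

def org_domain(domain: str) -> str:
    """Assumption: organizational domain = last two labels (real code uses the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: Optional[str], from_domain: str) -> bool:
    """Relaxed identifier alignment: same organizational domain."""
    return bool(auth_domain) and org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:
    header_from: str            # domain of RFC 5322.From
    mail_from: str              # domain of RFC 5321.MailFrom (envelope sender)
    spf: str                    # SPF result for mail_from
    dkim_domain: Optional[str]  # d= of the DKIM signature, if any
    dkim: str                   # DKIM verification result

def dmarc_disposition(msg: Message) -> str:
    """Return 'pass', 'no-policy', or the policy requested by the From: domain."""
    # The policy lookup is keyed on the From: header domain, never on MAIL FROM.
    policy = POLICIES.get(org_domain(msg.header_from))
    if policy is None:
        return "no-policy"
    # An authentication result only counts if its domain aligns with From:.
    spf_ok = msg.spf == "pass" and aligned(msg.mail_from, msg.header_from)
    dkim_ok = msg.dkim == "pass" and aligned(msg.dkim_domain, msg.header_from)
    return "pass" if (spf_ok or dkim_ok) else policy

# Constructed messages modelled on the scenario in the thread.
direct = Message("linktechs.net", "linktechs.net", "pass", "linktechs.net", "pass")
# List copy: From: kept, MAIL FROM changed to the list, DKIM broken by the list.
via_list = Message("linktechs.net", "wispa.org", "none", "linktechs.net", "fail")
# Same copy after the list rewrites From: to its own domain.
rewritten = Message("wispa.org", "wispa.org", "none", "linktechs.net", "fail")

if __name__ == "__main__":
    for name, m in [("direct", direct), ("via list", via_list), ("From rewritten", rewritten)]:
        print(f"{name:15} -> {dmarc_disposition(m)}")
```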