On 08/23/2015 10:59 AM, Stephen J. Turnbull wrote: > Mark Sapiro writes: > > > The scenario is your list member is [email protected]. > > [email protected] is set to forward all mail to [email protected]. > > Heh. This user is screwed if you use dmarc_moderation_action too.
I don't think so. The munged From: will be from the list's domain which probably doesn't publish a DMARC policy, but even if it does, it *should* also be DKIM signing the outgoing mail. The forward shouldn't alter the message in ways that break the list server's DKIM sig so at the ultimate receiving end the message has a valid DKIM sig that aligns with the From: domain. > Bottom line: Friends don't let friends use Yahoo! or AOL. +1 As an aside, perhaps a more telling example of how SPF is broken is the following. example.com publishes an SPF with '-all'. [email protected] sends a message to [email protected] which is an alias for a few people's addresses on other hosts. If all those end recipients check SPF they may reject the message with envelope from [email protected] because it comes from a server at mail.python.org which isn't allowed to send mail with envelope from the example.com domain. You can never know if any of your intended recipient addresses pass through such a relay, thus my opinion is if you're concerned about your mail being delivered, you can't use SPF -all. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
