On 2016-08-26, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
> Lazy git that I am I only quite recently configured DMARC for
> bsdly.net, and it actually had at least some of the desired effect:
> that domain's mail traffic started coming through to Google-hosted
> domains, and whenever somebody makes a new contribution to the
> spamtraps collection[1], I get reports from DMARC-reporting domains as
> well as the usual traces in the greylist.

Just switch p=quarantine to p=none in your headers. You'll still get
these benefits and it won't screw up your list mail.

> However, the solution or workaround is to set up the mailing list for
> the DMARC magic to do some benign rewriting of headers

Rewriting From: addresses to the list's address and forcing Reply-To
is hardly benign.

The proposed way to fix this without messing up long-standing use of
email is to add ARC headers at list servers, but it's still early and
isn't widely supported yet. Keep an eye on http://arc-spec.org/ and
draft-ietf-dmarc-arc-protocol.

Gmail were supposed to be setting DMARC p=reject in their mail
earlier this year but seem to have given up on that idea for now.
Good job too, it is unworkable for a general-purpose email
account until the mailing list/forwarding problem is fixed.

There *is* a place for DMARC with p=reject or p=quarantine:
companies like banks, online stores, etc. Places which can be in
complete control of which MXes deliver mail in their name, and
where spoofed mail can be highly damaging. (Of course people at
those companies will need to use a separate address for mailing
lists etc; IMHO that's not a problem in such cases).

> If the OpenBSD list admins are reading this: would it be possible to
> make a similar change in the OpenBSD mailing list configuration?

I think it's more than a config change, afaik it would mean modifying
majordomo to do DMARC lookups and deciding which messages to mangle
and which not to.

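The per-message decision mentioned at the end of the reply (look up the author's DMARC policy, then decide whether the list has to mangle the message) as an added Python sketch; it is not majordomo code and not from the thread. The DNS answers are a constructed table, the function names are hypothetical, the organizational domain is simplified to the last two labels, and pct= is ignored.

```python
from email.utils import parseaddr

# Constructed records standing in for DNS TXT lookups of _dmarc.<domain>.
SAMPLE_TXT = {
    "_dmarc.bank.example": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@bank.example",
    "_dmarc.hobby.example": "v=DMARC1; p=none; rua=mailto:dmarc@hobby.example",
    "_dmarc.broken.example": "v=spf1 -all",  # a TXT record, but not a DMARC one
}
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p", "").lower() not in POLICIES:
        return None
    return tags

def effective_policy(from_domain, txt=SAMPLE_TXT):
    """Policy a receiver would apply to this From: domain ('none' when no record exists)."""
    from_domain = from_domain.lower().rstrip(".")
    # Assumption: the organizational domain is the last two labels.
    # A real implementation needs the Public Suffix List here.
    org_domain = ".".join(from_domain.split(".")[-2:])
    for domain in dict.fromkeys((from_domain, org_domain)):
        rec = parse_dmarc(txt.get("_dmarc." + domain, ""))
        if rec is None:
            continue
        # sp= only applies when the record was found at the parent domain.
        sp = rec.get("sp", "").lower() if domain != from_domain else ""
        return sp if sp in POLICIES else rec["p"].lower()
    return "none"

def needs_mitigation(from_header, txt=SAMPLE_TXT):
    """True if receivers are asked to quarantine or reject mail from this
    author that fails DMARC, which list-modified mail is likely to do."""
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    return effective_policy(domain, txt) in ("quarantine", "reject")

if __name__ == "__main__":
    for hdr in ("Alice <alice@bank.example>", "bob@lists.hobby.example"):
        print(hdr, "->", needs_mitigation(hdr))
```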