Josh Good - your DKIM signatures are showing up as invalid.


On 2017-02-12 7:54 AM, Josh Good wrote:
> On 2017 Feb 12, 07:53, Dominic Raferd wrote:
>> To go back to a point made by OP about SPF being 'good', it seems to me
>> that SPF is fundamentally and irretrievably flawed - and frankly should
>> be dropped.
>
> Wow! Those are big words.
>
>> The fact that it works in 99.5% of situations just makes it
>> worse. Any email that is passed by a recipient through an intermediate
>> MTA (like all of mine, for instance) will have broken SPF when it
>> reaches its final destination MTA.
>
> Well, yes, SPF breaks old-style forwarding. This is well known and
> undisputed.
>
> Many old-style SMTP "customs" no longer apply, like open relays, etc.
>
> Old-style forwarding is nowadays also known as "spoofing the sender",
> and it is seriously frowned upon, as are open relays.
>
> I understand there are people who want to keep using old-style
> forwarding, and also there are some hold-outs still having open relays
> as a matter of principle.
>
> SPF is designed to afford brand protection at the domain level in the
> email realm. No more, no less.
>
> I don't want to get personal, but if you don't appreciate SPF, perhaps
> that's because your domains have never been massively spoofed in global,
> distributed, resilient spamming campaigns. I like SPF because it has
> saved my bacon more than once.
>
>> Secondly, IMO mailing lists should stop faking sender addresses and
>> instead should send either from the mailing list address or at least
>> from the mailing list domain e.g.
>> postfix-users-from-sender-at-domain....@postfix.org. That way the emails
>> could be fully DMARC-compliant and avoid problems even for original
>> senders with p=reject policy (for instance, yahoo users).
>
> If I understand you correctly, you are bidding for mailing lists to change
> (and take ownership of) the Header-From in the messages distributed to
> the mailing list subscribers (because mailing lists already routinely
> use their own email address in the Return-Path in the SMTP envelope). I
> don't mind either way, but please be aware that veteran mailing list
> operators will scream bloody murder at such a suggestion. It's true such
> a suggestion would solve the DMARC interoperability problem with mailing
> lists, but also doing as this list does would solve the problem: i.e.,
> not adding subject tags nor body footers, so that the original sender
> DKIM signature remains valid for the original, unchanged email address
> in the Header-From.
>
> The real solution would be to not use a DMARC policy of p=reject when
> posting to mailing lists, as the DMARC workgroup at IETF recommended.
> Alas, that horse is already out of the barn, as AOL and Yahoo are
> already using p=reject in their DMARC, and their users are certainly
> posting to mailing lists.
>
> So, the world is very much complicated.
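
The delivery paths argued over in this thread, as an added example that is not part of the original messages: a simplified DMARC evaluation (alignment rules after RFC 7489) showing which paths survive a p=reject policy. The domains `sender.example` and `list.example`, the `Delivery` fields and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Simplification (assumption): real verifiers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

@dataclass
class Delivery:
    header_from: str    # domain in the Header-From (what DMARC protects)
    envelope_from: str  # domain in the Return-Path (what SPF checks)
    spf_pass: bool      # connecting IP is authorised by envelope_from's SPF
    dkim_domain: str    # d= of the signature, "" if the message is unsigned
    dkim_valid: bool    # signature still verifies at the final MTA

def dmarc_result(m: Delivery, policy: str) -> str:
    """Return 'pass', or the disposition the Header-From domain's policy asks for."""
    author = org_domain(m.header_from)
    spf_aligned = m.spf_pass and org_domain(m.envelope_from) == author
    dkim_aligned = m.dkim_valid and org_domain(m.dkim_domain) == author
    if spf_aligned or dkim_aligned:
        return "pass"
    # Neither mechanism produced an aligned pass: apply the published policy.
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]

# Constructed scenarios, one per delivery path discussed in the thread.
SCENARIOS = {
    # Sender's own server delivers straight to the recipient.
    "direct": Delivery("sender.example", "sender.example", True, "sender.example", True),
    # Old-style forwarding: SPF fails at the new hop, DKIM survives untouched.
    "forward_signed": Delivery("sender.example", "sender.example", False, "sender.example", True),
    # Old-style forwarding of an unsigned, SPF-only message.
    "forward_spf_only": Delivery("sender.example", "sender.example", False, "", False),
    # List uses its own Return-Path and leaves subject and body alone.
    "list_unmodified": Delivery("sender.example", "list.example", True, "sender.example", True),
    # List adds a subject tag or footer, invalidating the sender's signature.
    "list_modified": Delivery("sender.example", "list.example", True, "sender.example", False),
    # List takes ownership of the Header-From and signs as itself.
    "list_rewrites_from": Delivery("list.example", "list.example", True, "list.example", True),
}

def evaluate_all(policy: str = "reject") -> dict:
    return {name: dmarc_result(m, policy) for name, m in SCENARIOS.items()}

if __name__ == "__main__":
    for name, outcome in evaluate_all("reject").items():
        print(f"{name:20s} {outcome}")
```
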

