On 29.08.2017 09:21, Rick van Rein wrote: > [...] DKIM, SPF and DMARC are of interest to any mail flow.
They sure are. If you browse through mailing list archives of years gone by, you can find my own messages about list X or Y breaking DKIM, SPF or both. Also, people have been passionate about Reply-To-Munging long before RFCs 4408 and 4870 were written. For a blast from the past, you can start here: http://marc.merlins.org/netrants/listreplyto.html If you need an example (to name but one), see the Roundcube Users mailing list, which still adds a footer to the message bodies, thus breaking DKIM. Very easily prevented by flipping a configuration switch, alas the list admins don't seem to care. There is a big difference between leaving existing headers and bodies intact, like the Postfix mailing list commendably does, and messing with existing headers or bodies, which breaks DKIM. My own DKIM setup exempts 'Received' headers from signing, but if a list software messes with anything else, it is likely to break signatures. As for DMARC, I tested it for several months, and found it lacking. Beyond being unsuitable for many of today's mailing lists as seen from the back-and-forth of reports (and thus arguably being broken by design), I don't think a sender A can say "if DMARC verification on this message fails, implement policy X" and expect recipients B and C to do just that. Once a message reaches B and C, they'll do whatever they please with it. Also, I'd like to earn some money for each bounced DMARC report, but that's a different matter... I have tried to find one of Viktors much more in-depth statements on DMARC, but to no avail. -Ralph
