On Sun, 24 Nov 2019 at 23:34, Richard Damon <rich...@damon-family.org> wrote:
> On 11/24/19 6:21 PM, Wesley Peng wrote: > > Why it doesn’t break From: header SPF? Just curious > > > > On Mon, Nov 25, 2019, at 4:12 AM, Chris Wedgwood wrote: > >> > Or in short: DMARC intentionally breaks every mailinglist and every > >> > mail-forwarding. So, if a mail-provider uses a strict DMARC-policy, > >> > it effectively says: "Our mail-addresses may not be used for > >> > mailinglists." > >> > >> this message (i am replying to) from you on this mailing list is not > >> broken > >> > It DOES break DMARC/SPF, as the IP address the message comes from > doesn't match the From of the message, but with DMARC if EITHER SPF or > DKIM pass, the message is to be considered to pass. > > A Domain with strict DMARC, and which doesn't DKIM sign messages, will > fail with any form of remailer, so would fail for this application. > Anyone using DMARC with p=reject and without using DKIM signing is asking for trouble - this should never be done intentionally. I have seen it happen by mistake (usually by public bodies e.g. police, HMRC...). Assuming the message is DKIM-signed (and the signing is only on the critical headers, as it normally is) then DMARC won't cause problems on this mailing list. For other mailing lists YMMV. We have used DMARC with p=reject on domains for personal and business use for several years and have never had any rejections or 'false positives' as a result. I don't use such domains for posting to mailing lists, and no one else using our domains has ever tried to.
