Hello Sir,
On 2023-12-25 22:16, jrmu wrote:
Greetings,
I'm attempting to send email to m...@openbsd.org, and getting a lot of
DMARC failure reports. SPF, DKIM, and DMARC work fine for me when I am
not using a mailing list. My SPF TXT record is
For interacting with mailing lists, I use a domain with p=quarantine.
Active users should already have figured out that lists like misc@ are
not configured to support DMARC, and p=none is too easy to spoof for the
worst offenders, so even just a simple MUA filter can move the messages
out of the spam directory.
Just my opinion here, but in 2023, lists not supporting DMARC are
intentionally so. As you can see here with OpenSMTPD, the DKIM check
using my domain's key will pass, AFAICT because the message is left
largely unaltered and DMARC requires SPF OR DKIM authentication to pass
using header.from.
Not supporting DMARC keeps out people on any of the various freemail
providers from meaningfully participating in a list. I see similar at
daemonforums.org, which uses a yahoo.com FROM: address to send messages,
so anyone with a server respecting p=reject (e.g., all freemail
providers) will never receive any of their messages, including forum
signups, which I believe to be an intentional technical filtering of
users.
"v=spf1 a mx ip4:198.251.82.194 -all"
and my DMARC record is
"v=DMARC1;p=none;pct=0;fo=1;rua=mailto:postmas...@ircnow.org;ruf=mailto:postmas...@ircnow.org;
However, I sent two emails in the last 10 days, and received 20 failed
DMARC reports. I am not sure if these two emails were received:
https://marc.info/?l=openbsd-misc=170354063924689=2
https://marc.info/?l=openbsd-misc=170274207904871=2
As of today, I adjusted the DMARC record from p=quarantine to p=none,
with hopes that fewer emails would get rejected.
For p=quarantine, the messages should be sent to spam directories as
opposed to p=reject, which most servers are configured to not send to
the user account and in my experience is silently discarded.
I'm not sure if 1) these failed DMARC reports are normal for mailing
lists, and 2) if there's anything else I can do to reduce the failure
rate.
Below is a sample fastmail DMARC report:
1.0
Fastmail Pty Ltd
repo...@fastmaildmarc.com
https://fastmail.com/
1054835552
1703462400
1703548799
ircnow.org
none
none
0
0
199.185.178.25
101
none
fail
fail
trusted_forwarder
Policy ignored due to local white
list
openbsd.org
ircnow.org
openbsd.org
selector1
pass
pass
openbsd.org
mfrom
pass
148.251.123.12
1
none
fail
fail
trusted_forwarder
Policy ignored due to local white
list
openbsd.org
ircnow.org
openbsd.org
selector1
pass
pass
openbsd.org
mfrom
softfail
173.228.157.40
1
none
fail
fail
bounce2.pobox.com
ircnow.org