On 7/16/23 00:41, Matija Nalis wrote:
On Sat, Jul 15, 2023 at 10:04:18PM -0500, Thomas Cameron wrote:
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>

So, it fails SPF, but DKIM passes. Meaning, your mail would normally
pass modern servers which check both.

If you do not want to receive such status messages, you should update
your DMARC records (currently _dmarc.camerontech.com indicates you
want to receive BOTH aggregate "rua=" and forensic "ruf=" reports;
and that you want to receive status updates when the message would've
passed normally via "fo=1")

Thanks. I set it up to send me everything it could, to see if I had done anything wrong. I will amend my DNS records as you suggested.

So it seems like my emails are being quarantined when I send them to mailing
lists, even this one.

What? No. At least not in this report you shared. You seem to be
confusing "<policy_published>" section (which is just a dump of DNS
which that server sees) with actual "<result>"s leading to final
"<disposition>" of "none" (which is good, as opposed to "reject" or
"quarantine" which would not be).

Ah, cool, thanks for the clarification! I saw "quarantined" and thought my emails were not getting through.

You probably might want to use some nice frontend for visualizing
DMARC results, if reading XML and SPF/DKIM/DMARC protocol internals
is not second nature for you.
e.g. https://github.com/topics/dmarc-reports

I will definitely check that out, thanks!

+1 for encouraging mailing list operators to get with the times.

You can also do as Robert suggests and use a separate (sub)domain for
mailing lists with different SPF settings thereon.

It's not so much mailing list operators I'm worried about. It's that, when
my email goes through a listserv mailing list, if I define hard failures, I
am worried that my email isn't going to get to list members. That's not the
mailing list admin, it's the admins of the list members' mail servers. If
I'm not understanding something, please feel free to clarify.

If mailing list is employing SRS, mail reaching final recipients
would not be failing SPF checks, as envelope sender (i.e. SMTP's
"MAIL FROM: <xxxx>") would be rewritten as the mail is coming from
mailing list domain and their servers (as it would), not yours.

See https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

Only if the mailing list remailing server leaves original (your)
envelope sender (which it shouldn't be doing, yet often does), would
you get such SPF problems. So, SPF problem is solvable from mailing
list server side, if its admins are willing.

Also, if your mails are signed by DKIM, and mailing list software is
not rewriting signed headers nor body (as it shouldn't, but some
mailing lists try to add annoying text to the bottom of messages like
"to unsubscribe, do xyz", thus breaking both DKIM, S/MIME and PGP
signatures), then your mail should pass DKIM checks too.
So that problem is avoidable on mailing list server side too.

Thank you so much, I am reading these articles now! I really appreciate your not busting my chops for not knowing this.

--
Thomas
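
The distinction drawn in the thread between `<policy_published>` and each record's `<disposition>`, as an added example that is not part of the original messages: a small Python reader for a DMARC aggregate report. The sample XML is constructed (it is not the report from the thread), and `summarize` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the RFC 7489 aggregate-report elements
# discussed in the thread. Domain and IPs are documentation values.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
  <record><row>
    <source_ip>192.0.2.10</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row>
    <source_ip>198.51.100.7</source_ip><count>1</count>
    <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
</feedback>"""


def summarize(report_xml):
    """Return (published policy, per-record results) for one aggregate report."""
    # Reports arrive from third parties; refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("DTD or entity declaration in report")
    root = ET.fromstring(report_xml)
    # policy_published only echoes the DNS record the receiver saw.
    published = root.findtext("policy_published/p", default="none")
    rows = []
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")
        dkim, spf = ev.findtext("dkim"), ev.findtext("spf")
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count", default="0")),
            # DMARC passes when either aligned DKIM or aligned SPF passes.
            "dmarc_pass": "pass" in (dkim, spf),
            # disposition is what the receiver actually did with the mail.
            "disposition": ev.findtext("disposition"),
        })
    return published, rows


if __name__ == "__main__":
    published, rows = summarize(SAMPLE_REPORT)
    print("published policy (DNS dump only):", published)
    for row in rows:
        print(row)
```
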
