On Wed, 2017-09-27 at 11:42 -0700, Miles Fidelman wrote: > This could also be an attempt to get a mailing list to work. > > There's a continuing problem with email list traffic getting bounced by > DKIM, and various work-arounds - the gist is that the mail has to come > from the list manager, but you still need a way to indicate the original > author of the message. Hacks abound. But basically, DKIM is just broken. >
DKIM works fine. It is in fact working as intended when a signature fails to validate against a message that has been modified in transit. Mailing lists or other forwarders that modify signed portions of the message without taking ownership of the From: header are just not compatible with DKIM or DMARC-reject senders.