The mailing list question can be a bit tricky. Yeah, the DKIM signature is supposed to transport just fine, unless your MLM rewrites any header or content that breaks the signature. And when you deal with that, eventually you're going to run into list subscribers whose posts get rejected by some other subscribers, due to the poster's domain having a P=reject DMARC policy.
I would say there's not a clear consensus on how best to handle mailing lists in a DKIM+DMARC world. A bunch of email folks are working on a standard called Authenticated Received Chain (ARC) that would in theory help to address issues with mailing lists. (See http://arc-spec.org/ ). But, we're a ways from being able to call that a solution. I'm a mailing list operator myself, at probably about the same level you are. (Instead of Mailman, I run a custom MLM that I wrote myself, mostly as a programming exercise.) What I have chosen to do is strip an existing DKIM signature, rewrite the from address if it appears to be a domain that has a restrictive DMARC policy, and then sign it with DKIM as the list domain. This works well for me, but not everybody agrees that it's the best path. I'm not the only one to have done something similar; Yahoo Groups, Google Groups Mail-list.com and OnlineGroups.net all send as the group instead of as the poster either all the time or as needed; and mailman can be configured similarly. Here's a link to an overview of the various issues in play for mailing lists, and info on what I and others have chosen to do to address it. http://www.spamresource.com/2015/02/dmarc-mailing-lists-roundup.html Here's where to go to learn more about what you can do with Mailman: http://wiki.list.org/DEV/DMARC Note: There will probably be at least one really angry reply to this post telling me how horrible this is and that I broke mailing lists. It'll be a rehash of an argument from more than a year ago. Truth be told, somebody else broke mailing lists; this is just how I personally decided to implement a fix that seems to work well for me. YMMV. Regards, Al Iverson -- Al Iverson - Minneapolis - (312) 275-0130 Simple DNS Tools since 2008: xnnd.com www.spamresource.com & aliverson.com _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
