Hey All, Sorry I didn’t not realize what the question might touch off. I have been following the discussion and watching my traffic and I have come up with this theory.
Looking over my reports I see I get 100% DMARC & SPF coverage with only 71% DKIM coverage. I’m assuming the DKIM coverage loss represents traffic to list-servs rather then a configuration issue on my end. Is that Plausible. Thanks, Ben > On Feb 7, 2016, at 1:10 PM, Al Iverson via dmarc-discuss > <[email protected]> wrote: > > The mailing list question can be a bit tricky. Yeah, the DKIM > signature is supposed to transport just fine, unless your MLM rewrites > any header or content that breaks the signature. And when you deal > with that, eventually you're going to run into list subscribers whose > posts get rejected by some other subscribers, due to the poster's > domain having a P=reject DMARC policy. > > I would say there's not a clear consensus on how best to handle > mailing lists in a DKIM+DMARC world. A bunch of email folks are > working on a standard called Authenticated Received Chain (ARC) that > would in theory help to address issues with mailing lists. (See > http://arc-spec.org/ ). But, we're a ways from being able to call that > a solution. > > I'm a mailing list operator myself, at probably about the same level > you are. (Instead of Mailman, I run a custom MLM that I wrote myself, > mostly as a programming exercise.) What I have chosen to do is strip > an existing DKIM signature, rewrite the from address if it appears to > be a domain that has a restrictive DMARC policy, and then sign it with > DKIM as the list domain. This works well for me, but not everybody > agrees that it's the best path. I'm not the only one to have done > something similar; Yahoo Groups, Google Groups Mail-list.com and > OnlineGroups.net all send as the group instead of as the poster either > all the time or as needed; and mailman can be configured similarly. > > Here's a link to an overview of the various issues in play for mailing > lists, and info on what I and others have chosen to do to address it. > http://www.spamresource.com/2015/02/dmarc-mailing-lists-roundup.html > > Here's where to go to learn more about what you can do with Mailman: > http://wiki.list.org/DEV/DMARC > > Note: There will probably be at least one really angry reply to this > post telling me how horrible this is and that I broke mailing lists. > It'll be a rehash of an argument from more than a year ago. Truth be > told, somebody else broke mailing lists; this is just how I personally > decided to implement a fix that seems to work well for me. YMMV. > > Regards, > Al Iverson > > -- > Al Iverson - Minneapolis - (312) 275-0130 > Simple DNS Tools since 2008: xnnd.com > www.spamresource.com & aliverson.com > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
