On Wed, 12 Apr 2023, Eric D. Williams wrote:
No, it's a DMARC problem. DKIM didn't cause any problems for mailing
lists ...
mailing lists the real answer is ARC not DMARC, that's what I'm saying. It's
a failure with DKIM signature invalidation as a result of relaying via
mailing lists.
My mailing lists put their own DKIM signature on the outgoing mail, and
the DKIN spec says to ignore signatures that don't validate, so as far as
DKIM is concerned, that mail is fully authenticated. As RFC 6376 says:
INFORMATIVE RATIONALE: The signing identity specified by a DKIM
signature is not required to match an address in any particular
header field because of the broad methods of interpretation by
recipient mail systems, including MUAs.
It's only DMARC that adds a new and in this case unfortunate rule that
requires a DKIM signature that matches the domain in the From header.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
