On 12/28/2017 11:57 AM, Jordan Brown wrote: > > That's leading me to wonder whether there's another way, whether I can > leave From alone and still get past the DMARC checks. Wikipedia tells > me that DMARC passes if either SPF *or* DKIM passes. There's no hope > for SPF with the original sender in From, because the mailing list > server isn't the user's mail server. However, DKIM seems like it > *might* pass, if I'm careful in how I configure the mailing list.
Correct. As pointed out in item 2 at <https://wiki.list.org/x/17891458> you can avoid breaking DKIM signatures by turning off Content filtering, scrubbing of non-digest messages and Reply-To: header munging and remove subject_prefix, msg_header and msg_footer so Mailman doesn't make message modifications that break DKIM signatures. If you are willing to have your list not make any such transformations, that will work. Ideally, you might check DMARC on incoming mail, because if it fails, that mail will bounce anyway. E.g., I have seen a case where a user had configured a "Yahoo" account in her local email client to send From: her yahoo.com address but not send via a yahoo SMTP server. Thus, all of her mail, including list mail, would be bounced by anyone not checking DMARC because it had no yahoo.com DKIM signature, but in the case of list mail without DMARC mitigations, this would cause multiple recipients to bounce the mail and perhaps have their delivery disabled. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
