Hi Axel,

I would suggest:

* Make sure that the list's 5321.From (return-path/envelope/MAILFROM) domain 
has a valid and restrictive SPF 
* DKIM sign all list messages with your own key
* Use different DKIM keypairs for each list
* Don’t modify the original message body (e.g., adding in a list footer etc.)
* If the sender's domain has DMARC with an enforcing policy 
(p=quarantine/reject) then rewrite the 5322.From to use the list's domain

Not modifying the body of the message will give any original DKIM message 
signature the best chance of preserving validity.

Signing with your own DKIM key will create an additional reputation data point 
for message filters, which will help over time.

DMARC won't survive a MLM, so you have to rewrite the From to give the message 
a chance of being received. Your own DKIM signature will still be valid.

Implementing ARC wouldn't hurt, but don't expect it to magically fix anything. 
Your ARC set still needs to be trusted by message filters which implement ARC 
and there is no centralised mechanism to facilitate this yet. Larger providers 
may use ML to trust particular ARC header sets but who knows.

I wouldn't suggest that you implement DMARC on your list domain as it won't 
help with deliverability and will just cause more issues. It's not really 
designed for mailing lists.

Ken.

> -----Original Message-----
> From: mailop <mailop-boun...@mailop.org> On Behalf Of Axel Rau via
> mailop
> Sent: Tuesday 14 June 2022 16:51
> To: Paul Vixie via mailop <mailop@mailop.org>
> Subject: [mailop] Best practice for mailing list servers
> 
> Hi all,
> 
> I’m running a mailman3 site with several small mailing lists.
> 
> Today Google let all mails without DKIM sig bounce.
> Other ESPs refuse my mails because of broken DKIM sig.
> 
> Currently the listserver does not DKIM-sign nor remove DKIM-sigs.
> 
> It seems that mails with DKIM-sig (from the author domain, but broken
> by the list server) are accepted by Google.
> 
> Should I adopt ARC?
> Along with DMARC?
> 
> What is best practice in 2022?
> 
> 
> Any help appreciated,
> Axel
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius
> 
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
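Added example, not part of the original thread and not Mailman's own code: a Python sketch of the conditional rewrite suggested in the reply above, where the 5322.From is replaced with the list's address only when the author's domain publishes p=quarantine or p=reject. The domains, the `SAMPLE_DMARC` table standing in for DNS lookups, the "via" display name and the Reply-To handling are all assumptions of this sketch. It also ignores organizational-domain fallback and the sp= tag.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample data: DMARC TXT records as they would be published at
# _dmarc.<domain>. A real list server would fetch these over DNS.
SAMPLE_DMARC = {
    "enforcing.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforcing.example",
    "relaxed.example": "v=DMARC1; p=none",
}

def dmarc_policy(txt_record):
    """Return the p= value of a DMARC TXT record, or None if absent or malformed."""
    tags = {}
    for part in txt_record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    policy = tags.get("p")
    return policy.lower() if policy else None

def rewrite_from_if_enforced(msg, list_name, list_addr, records=SAMPLE_DMARC):
    """Rewrite 5322.From to the list address when the author's domain enforces DMARC.

    Must run before the list applies its own DKIM signature, because From is a
    signed header. Returns True when the header was rewritten.
    """
    name, addr = parseaddr(msg["From"])
    domain = addr.rpartition("@")[2].lower()
    record = records.get(domain)
    if record is None or dmarc_policy(record) not in ("quarantine", "reject"):
        return False  # no enforcing policy: leave the author's From alone
    display = f"{name or addr.partition('@')[0]} via {list_name}"
    del msg["From"]
    msg["From"] = formataddr((display, list_addr))
    if "Reply-To" not in msg:
        msg["Reply-To"] = addr  # keep replies reaching the original author
    return True

def demo(sender):
    """Build a constructed message from `sender` and run the rewrite on it."""
    msg = message_from_string(f"From: {sender}\nSubject: test\n\nbody\n")
    changed = rewrite_from_if_enforced(msg, "demo-list", "demo-list@lists.example.net")
    return changed, msg["From"], msg["Reply-To"]
```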