On 22/05/2023 19:49, Jim Popovitch via mailop wrote: > DO use Mailman's built-in DMARC mitigations for re-writing From for > DMARC identified domains, including p=none.
For a DMARC (p=reject) domain, if the From: header is rewritten, the presence of a failing DKIM signature still causes Apple to add 1 to the spam score: X-Apple-MoveToFolder: Junk X-ICL-SCORE: 4.333033240041 x-spam-flag: yes x-suspected-spam: true ... Authentication-Results: bimi.icloud.com; bimi=skipped reason="missing evidence" X-ARC-Info: policy=fail; arc=none Authentication-Results: arc.icloud.com; arc=none Authentication-Results: dmarc.icloud.com; dmarc=pass header.from=lists.example.com X-DMARC-Info: pass=pass; dmarc-policy=reject; s=r1; d=r1; pdomain=lists.example.com X-DMARC-Policy: v=DMARC1; p=reject; rua=mailto:dmarc-repo...@example.com; ruf=mailto:dmarc-repo...@example.com; fo=1 Authentication-Results: dkim-verifier.icloud.com; dkim=pass (1024-bit key) header.d=lists.example.com header.i=@lists.example.com header.b=kZPnt/iY Authentication-Results: dkim-verifier.icloud.com; dkim=fail reason="signature verification failed" (3072-bit key) header.d=example.net header.i=@example.net header.b=m+UnOE2q Authentication-Results: dkim-verifier.icloud.com; dkim=permerror (0-bit key) header.d=example.net header.i=@example.net header.b=J0UvU0HU Authentication-Results: dkim-verifier.icloud.com; dkim=neutral (0-bit key) header.d=example.net header.i=@example.net header.b=gfXmzzC8 Authentication-Results: dkim-verifier.icloud.com; dkim=permerror (0-bit key) header.d=example.net header.i=@example.net header.b=UZxRPpOF Authentication-Results: spf.icloud.com; spf=pass ... ... From: Example via Example <exam...@lists.example.com> Cc: Example <exam...@example.net> X-Apple-MoveToFolder: INBOX ... X-ICL-SCORE: 3.333033230041 Authentication-Results: bimi.icloud.com; bimi=skipped reason="missing evidence" X-ARC-Info: policy=fail; arc=none Authentication-Results: arc.icloud.com; arc=none Authentication-Results: dmarc.icloud.com; dmarc=pass header.from=lists.example.com X-DMARC-Info: pass=pass; dmarc-policy=reject; s=r1; d=r1; pdomain=lists.example.com X-DMARC-Policy: v=DMARC1; p=reject; rua=mailto:dmarc-repo...@example.com; ruf=mailto:dmarc-repo...@example.com; fo=1 Authentication-Results: dkim-verifier.icloud.com; dkim=pass (1024-bit key) header.d=lists.example.com header.i=@lists.example.com header.b=iMjTZqEm Authentication-Results: spf.icloud.com; spf=pass ... ... From: Example via Example <exam...@lists.example.com> Cc: Example <exam...@example.net> -- Simon Arlott _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop