On Thursday, 7 November 2019 4:23:20 AM AEDT Dominic Raferd wrote: > ... > The main problem with DMARC is that some mailing lists (not this one, > I believe) mess it up, so I would suggest not to use it with > p=quarantine or p=reject on any domain where users are likely to post > to mailing lists. One such is (or was) the opendmarc mailing list - > something of an own goal.
Although Wietse has taken steps to minimize the impact of the mailing list on DKIM signatures it will depend on the headers that were signed in the original message, and this is the best you can expect from a mailing list as most will alter the subject or add a footer to the message body. Many other lists have taken the decision to work around the damage of poorly considered DMARC policies by rewriting the From header and putting the original author's address in Reply-to (which isn't without it's downsides given there were existing practices about Reply-to and mailing lists). I would highly recommend stopping at quarantine for DMARC policy if your domain is anything other than a source of transactional emails (e.g. password resets, promotional offers, etc). Once real humans have mailboxes on the domain and use the corresponding email address in their outgoing mail you're going to have some collateral damage from p=reject.
