Richard James Salts:
> On Thursday, 7 November 2019 4:23:20 AM AEDT Dominic Raferd wrote:
> > ...
> > The main problem with DMARC is that some mailing lists (not this one,
> > I believe) mess it up, so I would suggest not to use it with
> > p=quarantine or p=reject on any domain where users are likely to post
> > to mailing lists. One such is (or was) the opendmarc mailing list -
> > something of an own goal.
>
> Although Wietse has taken steps to minimize the impact of the
> mailing list on DKIM signatures it will depend on the headers that
> were signed in the original message,

In particular, the list server overrides the Sender: header with
the list's address ([email protected]). I'm not aware of other changes
that may break DKIM signatures.

	Wietse

> and this is the best you can expect from a mailing list as most will
> alter the subject or add a footer to the message body. Many other lists have
> taken the decision to work around the damage of poorly considered DMARC
> policies by rewriting the From header and putting the original author's
> address in Reply-to (which isn't without its downsides given there were
> existing practices about Reply-to and mailing lists). I would highly
> recommend stopping at quarantine for DMARC policy if your domain is
> anything other than a source of transactional emails (e.g. password
> resets, promotional offers, etc). Once real humans have mailboxes on the
> domain and use the corresponding email address in their outgoing mail
> you're going to have some collateral damage from p=reject.
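
Added example, not part of the original thread: a check of whether a list's changes (the Sender: override, a Subject tag, a body footer) invalidate a given DKIM signature, based on its h= and l= tags. The signature values, the function names and the `rewritten_headers` input are constructed for illustration.

```python
import re

# Constructed DKIM-Signature values (not from the thread); bh=/b= are placeholders.
SIG_MINIMAL = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=sel1;\r\n"
               "\th=from:to:subject:date:message-id; bh=PLACEHOLDER=; b=PLACEHOLDER=")
SIG_WITH_SENDER = SIG_MINIMAL.replace("h=from:", "h=sender:from:")

def parse_dkim_tags(value):
    """Split a DKIM-Signature value into {tag: value} (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace is not significant in the tags read here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def list_breakage(dkim_value, rewritten_headers, footer_appended=False):
    """Return the reasons a list's changes invalidate this signature.

    rewritten_headers: header names the list changes or adds (hypothetical input).
    """
    tags = parse_dkim_tags(dkim_value)
    # Header names in h= are case-insensitive. A name listed in h= that was
    # absent when signing is covered as empty, so adding it later also breaks.
    signed = {h.lower() for h in tags.get("h", "").split(":") if h}
    reasons = [f"{h} is listed in h= and was changed or added"
               for h in rewritten_headers if h.lower() in signed]
    # bh= hashes the whole canonicalized body unless l= limits the length.
    if footer_appended and "l" not in tags:
        reasons.append("footer changes the body, bh= no longer matches")
    return reasons

if __name__ == "__main__":
    for label, sig in (("minimal", SIG_MINIMAL), ("with sender", SIG_WITH_SENDER)):
        print(label, "Sender override:", list_breakage(sig, ["Sender"]) or "survives")
    print("Subject tag + footer:", list_breakage(SIG_MINIMAL, ["Subject"], True))
```

A signature that does not list Sender in h= survives the override described above, while one that does list it fails even if the original message had no Sender: header.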
