Re: Re: DKIM and SPF fail for messages sent via mutt-users
On 2022-08-25 07:08, Charles Cazabon wrote: > Jan Eden wrote: > > > > I recently sent a message to this list, and received a couple of DMARC > > reports from various mail providers to my postmaster address: > [...] > > > > I was under the impression that earlier issues with DMARC, DKIM and SPF with > > respect to mailing lists were solvable > > Others have addressed DKIM, but for SPF I have found that every message to a > mailing list of any size generates a number of reports of SPF failures, even > though the list has correctly used its own domain in the envelope return path. > > I believe this is because there are people or bots subscribed to the list > using terrible mail-forwarding configurations, where the forwarded message is > sent with an envelope sender extracted from the From: header field - either > because the software is a disaster, or because it's being used on a machine > that cannot or does not properly record the original envelope when delivering > received messages. In my reply to Kevin, I quoted my own mail server's and outlook.com's authentication results – both handle the mutt.org envelope sender correctly (spf=pass), but outlook.com still reports an SPF failure as part of the tag (irrespective of ). - Jan signature.asc Description: PGP signature
Re: DKIM and SPF fail for messages sent via mutt-users
Jan Eden wrote: > > I recently sent a message to this list, and received a couple of DMARC > reports from various mail providers to my postmaster address: [...] > > I was under the impression that earlier issues with DMARC, DKIM and SPF with > respect to mailing lists were solvable Others have addressed DKIM, but for SPF I have found that every message to a mailing list of any size generates a number of reports of SPF failures, even though the list has correctly used its own domain in the envelope return path. I believe this is because there are people or bots subscribed to the list using terrible mail-forwarding configurations, where the forwarded message is sent with an envelope sender extracted from the From: header field - either because the software is a disaster, or because it's being used on a machine that cannot or does not properly record the original envelope when delivering received messages. Charles -- --- Charles Cazabon GPL'ed software available at: http://pyropus.ca/software/ ---
Re: Re: DKIM and SPF fail for messages sent via mutt-users
On 2022-08-24 15:18, Kevin J. McCarthy wrote: > On Wed, Aug 24, 2022 at 08:15:21PM +0200, Jan Eden wrote: > > I was under the impression that earlier issues with DMARC, DKIM and SPF > > with respect to mailing lists were solvable (cf. > > https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html), but this > > does not seem to be the case. Is there anything I can do myself to avoid > > such problems? My DMARC setup works fine for messages sent directly to > > recipients at Gmail, Yahoo, Comcast etc. > > I think OSUOSL implemented a DKIM filter some time in June, probably due to > lots of bounce-unsubscribe issues with other mailing customers. However, > this is probably causing your DMARC policy to fail, since the signature is > missing (or renamed). > > The Mutt lists already munge the From header for p=reject emails. I haven't > enabled it for p=quarantine, but this is a Mailman option I can control. > > Does anyone have feedback before I enable that? Thank you for considering a changed configuration. FWIW, this is how my own mail server handles my message to mutt-users (delivered via smtp1.osuosl.org [140.211.166.138]): Authentication-Results: mail.eden.one; dkim=none; dmarc=fail reason="SPF not aligned (strict), No valid DKIM" header.from=eden.one (policy=none); spf=pass (mail.eden.one: domain of mutt-users-boun...@mutt.org designates 140.211.166.138 as permitted sender) smtp.mailfrom=mutt-users-boun...@mutt.org It reports a successful SPF authentication result, as does outlook.com, but both servers still report a SPF failure overall: 140.211.166.138 1 none fail fail outlook.com mutt.org eden.one mutt.org mfrom pass - Jan signature.asc Description: PGP signature