Re: Re: DKIM and SPF fail for messages sent via mutt-users
On 2022-08-25 07:08, Charles Cazabon wrote:
> Jan Eden wrote:
> >
> > I recently sent a message to this list, and received a couple of DMARC
> > reports from various mail providers to my postmaster address:
> [...]
> >
> > I was under the impression that earlier issues with DMARC, DKIM and SPF with
> > respect to mailing lists were solvable
>
> Others have addressed DKIM, but for SPF I have found that every message to a
> mailing list of any size generates a number of reports of SPF failures, even
> though the list has correctly used its own domain in the envelope return path.
>
> I believe this is because there are people or bots subscribed to the list
> using terrible mail-forwarding configurations, where the forwarded message is
> sent with an envelope sender extracted from the From: header field - either
> because the software is a disaster, or because it's being used on a machine
> that cannot or does not properly record the original envelope when delivering
> received messages.

In my reply to Kevin, I quoted my own mail server's and outlook.com's authentication results – both handle the mutt.org envelope sender correctly (spf=pass), but outlook.com still reports an SPF failure as part of the tag (irrespective of ).

- Jan
Re: DKIM and SPF fail for messages sent via mutt-users
Jan Eden wrote:
>
> I recently sent a message to this list, and received a couple of DMARC
> reports from various mail providers to my postmaster address:
[...]
>
> I was under the impression that earlier issues with DMARC, DKIM and SPF with
> respect to mailing lists were solvable

Others have addressed DKIM, but for SPF I have found that every message to a mailing list of any size generates a number of reports of SPF failures, even though the list has correctly used its own domain in the envelope return path.

I believe this is because there are people or bots subscribed to the list using terrible mail-forwarding configurations, where the forwarded message is sent with an envelope sender extracted from the From: header field - either because the software is a disaster, or because it's being used on a machine that cannot or does not properly record the original envelope when delivering received messages.

Charles
--
---
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
---
Re: Re: DKIM and SPF fail for messages sent via mutt-users
On 2022-08-24 15:18, Kevin J. McCarthy wrote:
> On Wed, Aug 24, 2022 at 08:15:21PM +0200, Jan Eden wrote:
> > I was under the impression that earlier issues with DMARC, DKIM and SPF
> > with respect to mailing lists were solvable (cf.
> > https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html), but this
> > does not seem to be the case. Is there anything I can do myself to avoid
> > such problems? My DMARC setup works fine for messages sent directly to
> > recipients at Gmail, Yahoo, Comcast etc.
>
> I think OSUOSL implemented a DKIM filter some time in June, probably due to
> lots of bounce-unsubscribe issues with other mailing customers. However,
> this is probably causing your DMARC policy to fail, since the signature is
> missing (or renamed).
>
> The Mutt lists already munge the From header for p=reject emails. I haven't
> enabled it for p=quarantine, but this is a Mailman option I can control.
>
> Does anyone have feedback before I enable that?

Thank you for considering a changed configuration.

FWIW, this is how my own mail server handles my message to mutt-users (delivered via smtp1.osuosl.org [140.211.166.138]):

Authentication-Results: mail.eden.one;
    dkim=none;
    dmarc=fail reason="SPF not aligned (strict), No valid DKIM" header.from=eden.one (policy=none);
    spf=pass (mail.eden.one: domain of mutt-users-boun...@mutt.org designates 140.211.166.138 as permitted sender) smtp.mailfrom=mutt-users-boun...@mutt.org

It reports a successful SPF authentication result, as does outlook.com, but both servers still report an SPF failure overall:

140.211.166.138 1 none fail fail outlook.com mutt.org eden.one mutt.org mfrom pass

- Jan
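The combination reported in the message above (spf=pass for the list's envelope domain, yet an SPF failure at the DMARC level) follows from DMARC's identifier alignment rule. The check below is an added example, not part of the thread and not any mail server's own code; the function names are made up for this sketch, `org_domain` is a two-label stand-in for a Public Suffix List lookup, strict DKIM alignment is assumed, and the DKIM-intact and munged-From inputs are constructed.

```python
def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators consult the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' (strict): exact match; 'r' (relaxed): same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_eval(header_from, spf_result, mailfrom_domain, dkim=(), aspf="r", adkim="r"):
    """dkim: iterable of (result, d= domain). Returns the DMARC-level verdicts."""
    # A raw SPF or DKIM "pass" only counts for DMARC when the authenticated
    # domain aligns with the domain in the From: header.
    spf_ok = spf_result == "pass" and aligned(mailfrom_domain, header_from, aspf)
    dkim_ok = any(r == "pass" and aligned(d, header_from, adkim) for r, d in dkim)
    verdict = lambda ok: "pass" if ok else "fail"
    return {"spf": verdict(spf_ok), "dkim": verdict(dkim_ok),
            "dmarc": verdict(spf_ok or dkim_ok)}

# Values from the Authentication-Results header above: SPF passes for the
# list's envelope domain, there is no DKIM signature, From: is at eden.one.
VIA_LIST = dmarc_eval("eden.one", "pass", "mutt.org", dkim=(), aspf="s", adkim="s")

# Constructed: same relay, but the author's DKIM signature survived the list.
VIA_LIST_DKIM_INTACT = dmarc_eval("eden.one", "pass", "mutt.org",
                                  dkim=[("pass", "eden.one")], aspf="s", adkim="s")

# Constructed: From: munged to an address in the list's domain (assumed to be
# mutt.org); the message is then judged under that domain's policy instead.
VIA_LIST_MUNGED = dmarc_eval("mutt.org", "pass", "mutt.org", aspf="s", adkim="s")

if __name__ == "__main__":
    for name in ("VIA_LIST", "VIA_LIST_DKIM_INTACT", "VIA_LIST_MUNGED"):
        print(name, globals()[name])
```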
Re: DKIM and SPF fail for messages sent via mutt-users
On Wed, Aug 24, 2022 at 08:15:21PM +0200, Jan Eden wrote:
> I was under the impression that earlier issues with DMARC, DKIM and SPF with
> respect to mailing lists were solvable (cf.
> https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html), but this does
> not seem to be the case. Is there anything I can do myself to avoid such
> problems? My DMARC setup works fine for messages sent directly to recipients
> at Gmail, Yahoo, Comcast etc.

I think OSUOSL implemented a DKIM filter some time in June, probably due to lots of bounce-unsubscribe issues with other mailing customers. However, this is probably causing your DMARC policy to fail, since the signature is missing (or renamed).

The Mutt lists already munge the From header for p=reject emails. I haven't enabled it for p=quarantine, but this is a Mailman option I can control.

Does anyone have feedback before I enable that?

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
DKIM and SPF fail for messages sent via mutt-users
Hi,

I recently sent a message to this list, and received a couple of DMARC reports from various mail providers to my postmaster address:

...
140.211.166.138 1 quarantine fail fail eden.one mutt.org
...

I was under the impression that earlier issues with DMARC, DKIM and SPF with respect to mailing lists were solvable (cf. https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html), but this does not seem to be the case. Is there anything I can do myself to avoid such problems? My DMARC setup works fine for messages sent directly to recipients at Gmail, Yahoo, Comcast etc.

Cheers,
Jan