On 7/03/2020 13:50, Christof Arnosti via subsurface wrote:
> Can you explain this a bit more?
>
> I think that DKIM / DMARC does exactly what it should: preventing modification
> of mails with "MailFrom" from my domain on-the-fly.
>
> I also have SPF configured, which should in theory also lead to a reject when my
> domain is used as MailFrom.
>
> With DMARC, if I understand correctly, the mail should only be treated as
> bogus when both of these mechanisms fail at once. This is the case when the
> subsurface-divelog.org list server modifies my mail (breaks DKIM) and sends it
> from its own server (breaks SPF) with MailFrom ~= *@charno.ch.
>
> I understand that this leads to problems with mailing lists, but on the other
> hand I would think that replacing the sender address by the mailing list
> software (like done now on subsurface-divelog.org) should be the right way to
> deal with this problem. Honestly, I'm more curious about why your mail client
> only displays the sender mail-address (but not always? The mail you directly
> received from Benjamin seems fine?) instead of the name in the MailFrom-Header.
>
> I think that DMARC / DKIM / SPF are a quite important tool in the fight against
> mail spoofing, so I would hate to weaken or disable it.
>
> Can you give me some recommendation on how I should configure DMARC / DKIM / SPF
> without breaking spoof-safe mailing, but still working with mailing lists
> configured like subsurface was before?

There is an important difference between the "From" email header (which is
displayed by the mail client), and the sender/recipient address ("mail from" and
"rcpt to") used during the SMTP communication. For SPF only the latter is
relevant. So it would be perfectly possible to leave the From header intact:

    From: Christof Arnosti <[email protected]>

and send the mail from the subsurface domain:

    MAIL FROM: <[email protected]>
    RCPT TO: <[email protected]>

For SPF everything should be fine because the mail originates from the
subsurface mail server, and the mail client will show the correct name. Or am I
missing something? I'm certainly not an expert on mail server configuration, but
I do run one too.

For DKIM/DMARC I don't really know.

Jef
_______________________________________________
subsurface mailing list
[email protected]
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
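
Added example (not part of the original mail): a minimal model of DMARC identifier alignment (RFC 7489) applied to the list scenarios discussed in this thread, showing why an SPF pass on the list's envelope sender does not by itself satisfy DMARC for a From: header at charno.ch. The envelope domain lists.subsurface-divelog.org, the two-label organizational-domain shortcut and the SPF/DKIM results are constructed assumptions.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: approximate the organizational domain by the last two labels.
    # Real DMARC implementations use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a: str, b: str, strict: bool = False) -> bool:
    # Strict alignment needs identical domains; relaxed needs the same org domain.
    a, b = a.lower(), b.lower()
    return a == b if strict else org_domain(a) == org_domain(b)

@dataclass
class Message:
    header_from: str   # domain of the From: header (what the mail client shows)
    mail_from: str     # domain of the SMTP MAIL FROM (what SPF checks)
    spf_pass: bool     # SPF result for the mail_from domain
    dkim: list         # [(d= domain, signature still verifies?)]

def dmarc_eval(m: Message) -> dict:
    # DMARC passes if SPF passes AND is aligned with From:, OR
    # if any DKIM signature verifies AND its d= is aligned with From:.
    spf_ok = m.spf_pass and aligned(m.mail_from, m.header_from)
    dkim_ok = any(ok and aligned(d, m.header_from) for d, ok in m.dkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

LIST = "lists.subsurface-divelog.org"  # assumed envelope domain of the list server

# Constructed scenarios (results are illustrative, not captured from real mail).
SCENARIOS = {
    # Mail sent directly from the author's own server.
    "direct": Message("charno.ch", "charno.ch", True, [("charno.ch", True)]),
    # List keeps From:, sends with its own envelope, and modifies the body/subject.
    "list_keep_from_modified": Message("charno.ch", LIST, True, [("charno.ch", False)]),
    # List keeps From: and forwards the message byte-for-byte (DKIM survives).
    "list_keep_from_untouched": Message("charno.ch", LIST, True, [("charno.ch", True)]),
    # List rewrites From: to its own domain (the current list behaviour).
    "list_rewrite_from": Message("subsurface-divelog.org", LIST, True, [("charno.ch", False)]),
}

if __name__ == "__main__":
    for name, msg in SCENARIOS.items():
        print(f"{name:26s} {dmarc_eval(msg)}")
```

In the second scenario SPF passes for the list's own domain, but that domain is not aligned with charno.ch and the DKIM signature no longer verifies, so a DMARC policy published for charno.ch is applied.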