Re: DMARC reports after emails sent to list

[Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Thanks Reco.

On 13/10/19 9:59 pm, Reco wrote:
> On Sun, Oct 13, 2019 at 04:20:17PM +1100, Andrew McGlashan wrote:
>> Is this due to email forwarding by Debian servers or is it for
>> some other reason? How can I fix this?
> 
> bendel.debian.org (the MTA behind lists.debian.org) does not have
> a published SPF record. An MTA, tana.it in this case, which is
> configured in a paranoid way (every inbound e-mail must conform to
> a published SPF record) - will consider every e-mail from
> bendel.debian.org as a violation. It's not just you - I too receive
> DMARC reports from tana.it at the end of every day which I
> communicate to the list, and a couple of others attempt to send me
> DMARC reports too (but I see no reason to accept connection from
> China Telecom MTAs). It's not that bad, we're talking about extra
> 5-10 e-mails per day if you don't do any filtering.
> 
>> Do I need to add Debian's IP address to my SPF record?  I'm not
>> sure I want to, but it may end the DMARC reports with failed SPF
>> tests...
> 
> I don't see how it'll do you any good. SPF checking for a maillist
> mail has little to no meaning anyway, it's tana.it who should fix
> their SPF checks.
> 
> I'd send a mail to postmaster@noloop.tana.it, IIRC one of this
> list members is behind it.

Hopefullly:  "Alessandro Vesely <vesely@tana.it>" can see this thread ;-
)

And yes, you are right, it passes DKIM fine and gives SPF error due to
the MTA as you say.  Probably the same with other reports as well.

Cheers
A.
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXaMUDwAKCRCoFmvLt+/i
+/2dAQCtYbPOkTl5vER4z9a5X6ox0L/eMtM9A3Uda30Od/BkdgEAsvwR9eHJSUPF
kP1TAssbm3YLc6yXX1DYXVGhs4Ii5pc=
=d1Id
-----END PGP SIGNATURE-----