Re: Slightly off-topic: anybody know of a way to keep one's Debian User List posts from failing DMARC?

[Andy Smith <andy@strugglers.net>]

Hello,

On Wed, Jun 09, 2021 at 09:58:13AM -0700, James H. H. Lampert wrote:
> I'm told that the Debian List Server doesn't rewrite "From"
> headers for DMARC-enabled senders, and neither does it do anything
> else to handle DMARC-enabled senders.

Correct, so the SPF test will always fail as the list pretends to be
your domain when it sends out mail from you. But the DKIM test can
still pass, because the Debian list software does not alter the body
of your mail or any of the headers you are likely to sign with DKIM.

And indeed, your email that I am replying to was a DKIM pass and
thus would be a DMARC pass as only one of the two is needed.

Many mailing lists modify the body, e.g. to prepend tags to the
subject and/or to append a footer with list information. These
mailing lists can never pass DKIM because the mail content is
signed. Their only option if they care about a DMARC pass is to
rewrite the sender address so that their mail comes from their own
domain, then they can make SPF and DKIM pass and alter the content
as they like.

You will see many DMARC failures from such mailing lists.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting