Re: is it just me or...

[John Levine via NANOG <nanog () lists nanog org>]

It appears that Michael Thomas via NANOG <nanog () lists nanog org> said:
> There is no requirement that a mailing list honor or even care about 
> DMARC. That's true of all of this: it's purely informational to the 
> receiver to use as they will (or not). Expecting mailing lists to do 
> anything in particular is a mistake.
>
> > So mailing list software today typically checks the originating domain's
> > DMARC configuration.  If that has a policy other than "none" (which says
> > to deliver email even if it fails both SPF and DKIM), it will send the
> > email "From:" the list, and not the originator.  The email then nicely
> > passes the mailing list's own SPF, of course.  Additionally, the mail
> > server sending it out from the list software will normally DKIM sign the
> > outgoing email, so it ends up properly authenticating as coming from the
> > mailing list software.
> It would be nice if this were more uniformly true, but alas I don't 
> think you can really count on it. Even IETF mailing lists don't resign 
> (somebody has claimed this is a bug, but it's been a bug for a very long 
> time, from what I can tell).

Really, it was a bug. A bunch of stuff broke when we moved to the new
mail server earlier this year, and it's fixed now. (I checked.) The
DMARC rewrite stuff that I added broke at the same time, haven't
checked whether it's back yet.

R's,
John
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/HNIOFDZP5UDWGPIC4FAY7VFAX2OQYZTU/