A while ago I moved my main mail account to my own domain, using migadu.com. They have an excellent setup guide, and a diagnostics page. There’s MX delegation, DKIM public keys, SPF policy, DMARC policy, and so on.
Recently, I subscribed to a mailing list using Mailman. Today I got a friendly email from a mailing list member telling me about a setup problem: the DMARC policy for my domain was causing them problems, as they were getting messages like the following:
Your membership in the mailing list … has been disabled due to
excessive bounces
Oops! Apparently my config causes servers to send bounces when my emails get sent via the mailing list, and those bounces are triggering Mailman’s bounce protection for other members. Not good!
But relaxing those rules is also not good. Some searching on the internet found this article: Actually, DMARC works fine with mailing lists. I don’t know what to think about it. The explanation seems to be that mailing lists that are configured to change the subject line of my emails are invalidating the signatures, which causes the conforming mail servers to bounce my mails. Just telling them to no longer reject my emails but to deliver them into Junk folders would have fixed half the problem (the bounces the mailing list members were getting) but it wouldn’t have fixed the problem that my mails look like spoofed emails to many people.
Actually, DMARC works fine with mailing lists
Even the mailing list archive says so:
This is not good, and I’m way out of my league. I decided to unsubscribe from the mailing list. Once again, the propensity of every human activity on the Internet to be spammed to death makes every open tool super complicated and the technology required to master harder to understand with every passing year.
I think I’m going to do fine without the mailing list.
#Mail #Administration
(Please contact me if you want to remove your comment.)
⁂
Odd, because your previous messages came through to the mailing list without incident, and looking over the headers of all your messages, I don’t see why that last one would get the SPOOFED bit, because it’s no different from the others one (other than the subject line and dates).
– Sean Conner 2020-06-05 07:02 UTC
---
Well, sadly I have no idea – and I don’t think I’ll be investigating. If there is an easy fix out there, I’ll make it. Perhaps I have my mail stuff misconfigured? But I’m afraid I don’t have the know-how to figure out what’s wrong.
– Alex Schroeder 2020-06-05 07:39 UTC