[OT] Re: configuration error in lists.isc.org

[Charles Swiger]

On Aug 6, 2015, at 4:25 PM, Heiko Richter <email at heikorichter.name> wrote:
> Whenever I post something to the list (I'm not using SMTP, I'm using a
> usenet server to post to comp.protocols.dns.bind), my postmaster
> address receives DMARC notifications from list members that have
> employed this wonderful protocol on their servers, telling me my
> message had been rejected for violating my SPF policy.
> 
> My SPF record doesn't include lists.ist.org <http://lists.ist.org/>, of course and it never
> will. Furthermore it ends with "-all" so all my messages to the list
> are being rejected by list members who have spf aware servers.

DMARC makes assumptions which do not play nicely with mailing lists--
in particular, a mailing list is always going to want to use a bounce
address within it's own domain to notice failing delivery-- so SPF
usually isn't going to match.

The choices I see are to either list the mailservers of the mailing lists
you participate on in your SPF records, convince the folks receiving your
mail to whitelist the ISC mailing servers from SPF / DMARC checks, and/or
change your SPF policy from -all to something less strict.

Otherwise, accept that the choices you've made mean the messages you send
will frequently bounce.

> So ISC: please fix your list servers, let them rewrite the From headers!

How would this help?  Changing the From header breaks your domain's DKIM signing;
are you asking them to take ownership of your messages and then DKIM sign
them on behalf of isc.org?  That breaks normal email replies.

Even the DMARC FAQ is honest enough to note that every alternative has major cons:

  https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F

Regards,
-- 
-Chuck

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150806/3e4157c0/attachment-0001.html>