I found a solution by arranging for outbound mail to go through a dedicated service which handles the ARC sealing and such-like for me. It's working nicely! I was even able to turn off the DMARC munging on my test list without problems.
--[Lance]
Stephen J. Turnbull wrote on 2/5/2025 7:54 AM:
It shouldn't be. It should be configured in your MTAs. Mailman can't do SPF, and it can't make the decision to distribute or not based on ARC validation without a preexisting ARC-Authentication-Results field from your host. Neither of those is fatal, but implementing in the MTA is preferable.
ARC was originally added as a proof of concept. But I have to admit setting it up in Mailman is easier than doing it in the MTA, it's not as easy as throwing a switch in Postfix or Amavis (although it should be!)