On 1/30/22 20:25, Jay Hamilton-Roth wrote:
> Emails from our list are currently being blocked by Google & Yahoo because of the "Dmarc policy of the sender domain" (according to Google Postmaster).
> Our list doesn't do any munging for "Reply goes to list" and our DMARC Mitigations is set for "No DMARC mitigations" and we're not DMARC Mitigating unconditionally.
> Given this is our MM3 policy, it's not clear what the DMARC DNS policy should be for consistency (note: we currently don't have a DMARC DNS setting).
> MM3 documentation doesn't have enough info, and reading up on DMARC Records it's not clear if we should be:
> v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@ourdomain.com
> -or-
> v=DMARC1;p=quarantine;pct=100;ruf=mailto:postmaster@ourdomain.com
> -or something else-
Have you seen https://wiki.list.org/DEV/DMARC ?
Nothing you publish as a DMARC policy or SPF will affect the DMARC actions of recipient domains for list mail unless you set DMARC mitigations for your lists to make the mail be From: your domain. As long as you leave the From: intact, it is the DMARC policy of the From: domain that counts, and if you make any transformation at all to the message (content filtering, subject prefixing, munging Reply-To:, etc) you will break the From: domain's DKIM signature and DMARC will fail at the receiving MTA.
As far as recommendations go, what we do for this list for example is we set DMARC mitigation action to Replace From with list address and DMARC Mitigate unconditionally to No.
We publish SPF "v=spf1 mx a ~all"
We publish DMARC "v=DMARC1\; p=none"
and we DKIM sign all our outgoing mail.
Our Python.org lists are similar except we publish DMARC
"v=DMARC1\; p=none\; pct=100\; rua=mailto:rxxx@dmarc.postmarkapp.com\; sp=none\; aspf=r\;"
because we've signed up with postmarkapp.com for their free reporting service.
We do publish a DMARC policy and DKIM sign outgoing mail because we believe this helps mail delivery, but without DMARC mitigation action = Replace From with list address or Wrap the message ... it won't stop recipients from treating list mail as failing DMARC.
-- 
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
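
Added example, not part of the original message and not Mailman's code: a simplified model of the receiver-side DMARC check described in the reply, showing why list mail fails when From: is left intact and the message is modified, and why replacing From: with the list address makes it pass. The domains `author.example` and `lists.example` and all function names are constructed; the organizational domain is approximated by the last two labels, and `pct`/`sp` are ignored.

```python
def parse_dmarc(record):
    # Parse a DMARC TXT record into a tag dict; accepts zone-file "\;" escapes.
    tags = {}
    for part in record.replace("\\;", ";").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC policy record")
    return tags


def org_domain(domain):
    # Assumption: last two labels; real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    # mode "s" = strict (exact match), "r" = relaxed (same organizational domain).
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, policy, spf_pass_domain, dkim_pass_domains):
    # Return "pass", or the policy requested by the From: domain on failure.
    tags = parse_dmarc(policy)
    spf_ok = spf_pass_domain is not None and aligned(
        spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(aligned(d, from_domain, tags.get("adkim", "r"))
                  for d in dkim_pass_domains)
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


def list_delivery(author_domain, author_policy, list_domain, list_policy,
                  modified, munge_from):
    # Model what a receiving MTA sees for a post relayed by a DKIM-signing list.
    # The list sends with its own envelope sender, so SPF passes for the list only.
    dkim = [list_domain]              # the list's own signature verifies
    if not modified:
        dkim.append(author_domain)    # author's signature survives only if untouched
    if munge_from:                    # "Replace From with list address"
        return dmarc_disposition(list_domain, list_policy, list_domain, dkim)
    # From: left intact: the author domain's policy is the one that counts.
    return dmarc_disposition(author_domain, author_policy, list_domain, dkim)
```
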