On Fri, Mar 11, 2022 at 10:41:00AM -0800, Mark Sapiro wrote:
Also, your outgoing MTA should DKIM sign the mail on the way out. With that and the above setting, the outgoing message will have only your valid DKIM signature and no prior Authentication-Results:.
Ok, you mean after replacing the From address with the list address, right? I can see no way (or sense) to DKIM sign arbitrary From: addresses.
This actually works quite good: the recipient just gets 2 DKIM signatures. The original one is broken, the MTA-generated one (after writing my list address into From) is OK. This is good enough even for ProtonMail (no red warning).
What about this list (mailman-users). It looks this one also has From address replacement + conditional DMARC mitigation. And remove_dkim_headers: no. Correct?
Thank you