Rick Moen <rick@???> wrote:

> Simon, I appreciate your pitching in to attempt to answer this question.
> A few necessary corrections, though:

Correction noted. However, in my defence my issues (which I no longer have to deal with) were with mail forwarding in servers rather than mailing lists (IIRC our mailing list hosting had dwindled to just a couple of announce lists before the problem raised it's head) - so a different set of related issues which was primarily SPF at the time. I did get as far as having a look at SRS - but unfortunately the plugin for Postfix was incompatible with the greylisting I used due to the order of operations which prevented whitelisting of "known" greylisting triplets. Customised solutions were beyond my skill set - not to mention, the issues of leaving a maintenance time-bomb for any admin taking over*.

* When I left, a host developed a hardware issue. There was enough spare capacity to simply move the VM to another host - a few hours to copy the mail folders. Instead the know it all in charge took nearly a week to get something working because the concepts were beyond him. It was hard to laugh out load as I knew what it would be doing to the customers - many of whom I knew personally through having provided support over the years.


Rick Moen <rick@???> wrote:

> Why messages fail DMARC is convoluted, and I'd frankly rather spend my
> time on other things. If you are wanting to spend a lot more time on
> this, here's a fine place to start:
> https://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail

Thanks for that, an interesting site.



Steve Litt <slitt@???> wrote:

> I'd suggest we ban email from gmail, yahoo, protonmail, and the rest
> that demand strict adherence to DMARC.

Nice thought, but do you really think that the likes of Google give a sh*t about some little mailing list somewhere, and which should be using Google's services anyway - how dare they use their own solution !
The reality is that the "big boys" have implemented these breakages - they knew beforehand that they would break almost all forms of forwarding, but their solution to that "problem" was simply to declare any form of mail forwarding as "improper" and therefore breaking it wasn't their fault. I can't help thinking that their marketing people saw an opportunity to make life harder for small scale competitors.

From the users' PoV, if a random mailing list or forwarding server doesn't work with such broken domains then clearly it has to be the little mailing list or forwarding server that's broken. For many years at a previous job we ran a mail server for customers - going back to before everyone and his dog were offering such services. We always recommended customers to create a second account in their mail software to (at a minimum) collect their mail - but many would simply refuse to countenance the complication - and instead we had to forward "info@???" to "someobscureaddress24673254@???".
This worked just fine for many years - until that is, the big boys went out and broke it.