Hi Steve

In the DMARC FAQ, Section "Receiver Questions" they say: "If emails from
mailing lists are important to your users, you may therefore consider to
apply specific rules for emails coming from mailing lists." [1] This is
the situation right now with the DNG list: It's up to the people who do
DMARC checking on the receiving end to not deny mails from the list. If
a mail administrator decides to do DMARC checking on incoming mail the
DMARC people advise to take special measures like "a sort of whitelist".

Their tips on operating a compatible mailing list is not satisfying, all
listed solutions [2] have "Cons". The best option in my opinion is to
follow 3.C. This could be achieved with an ARC seal [3]. The exim-user
mailing list uses this technique and it seems to work.

I don't see your point of accidentally sending to the list when using
"reply to sender". DNG does not change the From header. It adds an
Envelope-Sender address which is correct. You might should check your
Claws Mail, that it does use the From-Adress and not the Enveloppe-From
for replies.

What might be wrong with vm6.ganeti.dyne.org is its ability to check
DKIM signatures. I have not found one that this host recognises as
valid. This seems to be the receiving host for mails to the list. It
should be able to successfully verify DKIM signatures before passing on
a message to mailman.


Regards, Adrian.


[1]
https://dmarc.org/wiki/FAQ#Is_there_special_handling_required_to_receive_DMARC_email_from_mailing_lists.3F

[2]
https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F

[3] https://en.wikipedia.org/wiki/Authenticated_Received_Chain