Hi again,
Good point about DMARC. Does anyone know if Charter suddenly started caring about some DMARC policies on or around this past Friday? I have my list set to munge the From: lines of messages from senders E.G. AOL, Yahoo, etc. that publish a DMARC rejection policy.
On a slightly different topic, I've heard from a few Outlook users that list messages are consistently ending up in their junkmail folders. Could this be because Microsoft doesn't like the fact that my list is causing DMARC to fail, but not actually complaining to me about it? I could solve this problem by having the list munge the From: line for all messages, but sometimes that causes problems with replying. In particular, several years ago when my lists were set up to do that, Thunderbird users were having problems sometimes replying to the sender of a message rather than the entire list.
Jayson
On 11/28/2021 11:45 PM, Mark Sapiro wrote:
On 11/28/21 7:58 PM, Jayson Smith wrote:
Hi,
One of my Mailman lists has a single member at Charter which has occasionally bounced mail over the last few days. When this happens, the reason given, when I look it up on their help page, indicates the message I sent goes against the security policies of my domain, and I should contact my domain administrator (that would be me). I have SPF and DKIM set up, and a quick check at dkimvalidator.com verifies they're both working. I assume this is one of these annoying situations where Charter is seeing what's clearly a transient DNS problem and treating it like a permanent failure? Also I assume there's nothing I can do about this? Is the problem likely to be at Charter's end or at my domain's nameservers' end?
Only guessing, but this sounds like DMARC. Does your list apply DMARC mitigations?
If it is DMARC, the issue is the message sent to the charter subscriber is From: poster@posters.domain. posters.domain publishes a DMARC policy of (probably) reject. Yahoo.com is one such common domain. Your list modifies the message by content filtering, subject prefixing, adding msg_footer or some other transformation that breaks the posters.domain DKIM signature. Your SPF and DKIM signatures pass, but they are not 'aligned' with posters.domain, so they don't count for DMARC.