Reliable mailing list deliveries
![](https://secure.gravatar.com/avatar/eed8f31faaedb43ab26010a5a5f03905.jpg?s=120&d=mm&r=g)
I'm looking for current best practices for configuring Mailman servers so that they can deliver mail to subscribers, especially those with gmail addresses and other e-mail service providers who use similar anti-spam strategies.
Is it simply some combination of SPF, DMARC and DKIM? Maybe a particular way to set these up? Or something else? (The MTA? DNS?)
Thanks in advance.
- Hoover Chan hoover.chan@gmail.com
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free.www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/3/24 10:39, Hoover Chan via Mailman-Users wrote:
Is it simply some combination of SPF, DMARC and DKIM? Maybe a particular way to set these up? Or something else? (The MTA? DNS?)
Your server needs to identify itself with your domain name (myhostname
in Postfix). That domain needs an A record in DNS with the server's IP
and the IP needs a PTR back to the domain name. All outgoing mail should
be DKIM signed and you should publish and appropriate SPF. It is also
said that publishing a DMARC record, even with p=none
can help too.
Mailman must also apply DMARC mitigations. This is tricky because gmail
publishes a DMARC policy on none
, but if mail to a gmail address is
From: a gmail address, gmail wants it to pass DMARC, so you either have
to apply DMARC mitigations to all mail (DMARC Mitigate unconditionally =
Yes) or add ^.*@gmail\.com$
to DMARC Addresses.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/3/24 10:39, Hoover Chan via Mailman-Users wrote:
Is it simply some combination of SPF, DMARC and DKIM? Maybe a particular way to set these up? Or something else? (The MTA? DNS?)
Your server needs to identify itself with your domain name (myhostname
in Postfix). That domain needs an A record in DNS with the server's IP
and the IP needs a PTR back to the domain name. All outgoing mail should
be DKIM signed and you should publish and appropriate SPF. It is also
said that publishing a DMARC record, even with p=none
can help too.
Mailman must also apply DMARC mitigations. This is tricky because gmail
publishes a DMARC policy on none
, but if mail to a gmail address is
From: a gmail address, gmail wants it to pass DMARC, so you either have
to apply DMARC mitigations to all mail (DMARC Mitigate unconditionally =
Yes) or add ^.*@gmail\.com$
to DMARC Addresses.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Hoover Chan
-
Joly MacFie
-
Mark Sapiro