[Mailman-Users] cause of bounces

Mark Sapiro mark at msapiro.net
Tue Oct 17 20:33:13 EDT 2017

On 10/17/2017 05:04 PM, Grant Taylor via Mailman-Users wrote:
> On 10/17/2017 05:07 PM, Mark Sapiro wrote:
> My brain is failing to translate "corresponding organizational domains"
> to "sub-domains" properly and what that means for strict vs relaxed.

In another thread on mailman-developers, I discussed organizational
domains with Lindsay, so I assumed he knew.

In summary, every domain has a corresponding organizational domains
which may be the same or a "super" domain. In short, the organizational
domain is the domain that might be found in whois. For "common" tlds
like .com, .org, net, .edu, etc. the organizational domain is the top
two levels. E.g. the organizational domain for
some.sub.domain.example.com is example.com, but it's much more
complicated than that. See <https://publicsuffix.org/list/> if you want
to know more.

>> So the bottom line is as an "unaffiliated" relay without munging From:,
>> SPF will never pass for DMARC and DKIM will only pass if you don't
>> transform the message in ways that break the From: domain's DKIM
>> signature.
> I assume that you're talking about the SMTP envelope from and not the
> From: header.

No. I could have slipped, but when I write From: domain, I mean the
domain of the address in the From: header (That's what DMARC is all
about - verifying that the message actually came from the domain of the
address in the From: header). If I mean the domain of the envelope from,
I try to use that phrase, but in the context of DMARC that domain is
only relevant for SPF and only if it "aligns" with the From: domain.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list