<div><div dir="auto">When I reply from Gmail I always have to change the address or the mail will be apparently sent to the person, not to the mailing list.</div></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno sab 7 mar 2020 alle 14:31 Jef Driesen via subsurface <<a href="mailto:subsurface@subsurface-divelog.org">subsurface@subsurface-divelog.org</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 7/03/2020 13:50, Christof Arnosti via subsurface wrote:<br>
> Can you explain this a bit more?<br>
> <br>
> I think that DKIM / DMARC does exactly what it should: preventing modification <br>
> of mails with "MailFrom" from my domain on-the-fly.<br>
> <br>
> I also have SPF configured, which should in theory also lead to a reject when my <br>
> domain is used as MailFrom.<br>
> <br>
> With DMARC, if I understand correctly, the mail should only be threated as <br>
> boguous when both of these mechanisms fail at once. This is the case when the <br>
> <a href="http://subsurface-divelog.org" rel="noreferrer" target="_blank">subsurface-divelog.org</a> list server modifies my mail (breaks DKIM) and sends it <br>
> from it own server (breaks SPF) with MailFrom ~= *@<a href="http://charno.ch" rel="noreferrer" target="_blank">charno.ch</a>.<br>
> <br>
> I understand that this leads to problems with mailing lists, but on the other <br>
> hand I would think that replacing the sender address by the mailing list <br>
> software (like done now on <a href="http://subsurface-divelog.org" rel="noreferrer" target="_blank">subsurface-divelog.org</a>) should be the right way to <br>
> deal with this problem. Honestly, I'm more curious about why your mail client <br>
> only displays the sender mail-address (but not always? The mail you directly <br>
> received from Benjamin seems fine?) instead of the name in the MailFrom-Header.<br>
> <br>
> I think that DMARC / DKIM / SPF are a quite important tool in the fight against <br>
> mail spoofing, so I would hate to weaken or disable it.<br>
> <br>
> Can you give me some recommendation on how I should configure DMARC / DKIM / SPF <br>
> without breaking spoof-save mailing, but still working with mailinglists <br>
> configured like subsurface was before?<br>
There is an import difference between the "From" email header (which is <br>
displayed by the mail client), and the sender/recipient address ("mail from" and <br>
"rcpt to") used during the smtp communication. For SPF only the latter is <br>
relevant. So it would be perfectly possible to leave the From header intact:<br>
<br>
From: Christof Arnosti <...@<a href="http://charno.ch" rel="noreferrer" target="_blank">charno.ch</a>><br>
<br>
and send the mail from the subsurface domain:<br>
<br>
MAIL FROM: <<a href="mailto:subsurface@subsurface-divelog.org" target="_blank">subsurface@subsurface-divelog.org</a>><br>
RCPT TO: <user@domain.tld><br>
<br>
For SPF everything should be fine because the mail originates from the <br>
subsurface mail server, and the mail client will show the correct name. Or am I <br>
missing something? I'm certainly not an expert on mail server configuration, but <br>
I do run one too.<br>
<br>
For DKIM/DMARC I don't really know.<br>
<br>
Jef<br>
_______________________________________________<br>
subsurface mailing list<br>
<a href="mailto:subsurface@subsurface-divelog.org" target="_blank">subsurface@subsurface-divelog.org</a><br>
<a href="http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface" rel="noreferrer" target="_blank">http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface</a><br>
</blockquote></div></div>