|
|
|
|
|
|
by kiallmacinnes
1764 days ago
|
|
|
> SPF will verify, but for the wrong domain I can see that argument, but - it's kinda a philosophical question about "who the sender is". Is the the person who typed out the text? or is it the server which transcribed that text into N new emails? The ML server will verify the original authors SPF. The N recipients will verify the ML servers SPF - the chain (which matches the series of MTA's involved) is still verified end to end. > It'll break when used together with DMARC's alignment checks. Yea, DMARC is a much bigger issue for mailing lists, but that's no reason to say "A mailing list will _always_ break SPF" - a well configured* ML has no issues with SPF at all. * And, yes - the definition of "well configured" had to change when SPF was introduced, that's of course annoying, but there has been many many years for ML operators to make these changes. |
|
|
The recipients have no way to check that the mailing list server has checked SPF/DKIM/DMARC. Mailing lists very rarely drop messages because of a failing SPF/DKIM/DMARC check.
ARC tries to fix this, but requires recipients to trust the mailing list server. Just using plain DKIM is much better, recipients can just treat ML-forwarded emails just like direct emails.