[tor-mirrors] DMARC problems when using this mailinglist

Heiko Richter email at heikorichter.name
Sun Jan 7 21:37:51 UTC 2018


Your DMARC errors are not a mailing list problem. They are a problem of
your own settings as the servers are just doing what *you* told them to
do. Sadly your SPF is misconfigured and while your DKIM configuration is
correct it includes the typical mistakes of people that don't account
for mailing list behaviour.

--- SPF ---

Your SPF-Record (just allowing your own mx, not the list server):
"v=spf1 mx ~all"

You send the e-mail to the lists servers and they forward it but your
SPF doesn't allow for that you receive an error. There are 2 ways to fix
your SPF:

1) You include the list's SPF record into your own like so ("v=spf1 mx
include:lists.torproject.org ~all"). This will keep your messages out of
the recepient's spam folders.

2) End your SPF with a neutral catch-all. Spam filters do not really
make a difference between "~all" and "?all" and probably most of your
messages will be marked as spam but DMARC will stop sending error
messages as the checks will not fail anymore.

--- DKIM ---

Your DKIM configurations includes the following headers:

Like almost all lists this one also adds a prefix to the headers to
allow for simple mail sorting scripts. While almost all DKIM daemons
recognize this problem you will still receive a DMARC error as your
signature will not verify (probably somthing like "dkim failed [...]
looks forwarded [...]").

To fix this you have 2 options as well:

1) You have to exclude the subject from your DKIM signature or it will
fail. Some DKIM implementations allow for settings on a per-domain basis
so you can just exclude it for the mailing lists you are on.

2) You can exclude lists.torproject.org recipients from DKIM completely
so your list messages will not be signed.


PS: Please check your competence before acusing others of having none.
At least the SPF problem should be detectable by any admin.........

Am 07.01.2018 um 11:55 schrieb Valentin Brandl:
> Hi,
> when sending a mail to this mailinglist, I receive various DMARC reports
> from different mail providers, both private and big ones like google or
> mail.ru.
> This doesn't happen on other mailinglists.
> Also my mailserver flags mails from this list as spam with makes me
> think, others might have the same problem.
> I think it is a problem when rewriting some mail headers. It makes the
> list a pain to use. Maybe anyone knows how to fix this.
> I'll append the DMARC report I received from google.
> _______________________________________________
> tor-mirrors mailing list
> tor-mirrors at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-mirrors/attachments/20180107/3f78de6f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-mirrors/attachments/20180107/3f78de6f/attachment.sig>

More information about the tor-mirrors mailing list