The first test had personalize set to 'full'. The message that arrived at
Gmail looks as if it was correctly understood for what it was - gmail parsed
both the dkim headers from lochac.sca.org and from jeremygregson.com, and
let it through.
Background:
Some members of Lochac mailing lists are getting their incoming messages
blocked by mail hosts including Google and Outlook. This appears to be
because the mail headers identify the original sender of the email to the
list, plus the list itself, and the authentication details in those headers
match mailman, but not the original sender.
Fred@gmail sends a message to lochac-announce(a)lochac.sca.org, which forwards
it to joe@hotmail. Hotmail complains that the message was sent from gmail,
but signed by lochac.sca.org.
This problem is not specific to mailman or Lochac. It is detailed in the
rationale behind a relatively new protocol for authenticating emails, ARC.
https://dmarcreport.com/blog/solving-dmarcs-failures-with-mailing-lists/
Solution:
ARC isn't that mature yet. There is no option to just apt install arc and
go from there, it is still at the github distribution level of acceptance.
Mailman offers a couple of settings which might resolve the problem:
personalize and anonymous list. Changing these is quick and easy, but I
don't know if it fixes the problem, or introduces new problems.
This email has just been sent to selenetest(a)lochac.sca.org, with personalize
turned on. You're seeing it because you are a member of that mailing list -
feel free to unsubscribe. I will be looking at the mail headers, adding my
gmail account to the list, and a few other tests to see what happens. Be
prepared for spam, as you watch me test things.
Cheers,
Nico
