
On 5/24/25 17:34, John Levine via NANOG wrote:
>> Even if you have p=none, it still shows as a broken signature on the email and will be rejected by Google/MS/etc. They are large enough to violate the standards and we all have to submit, unless you pay for delivery to their customers.
>
> Sorry, but this is nonsense. Please, sir, step away from the kool-aid. They aren't perfect but that kind of conspiracy theory helps nobody.
>
> I run mailing lists that have lots of subscribers at large providers. They only rewrite sender addresses when DMARC policies require it, and they get mail delivered just fine.

When this was set to not rewrite it, and send via policy we saw a total inability to deliver to Google amongst others. After consulting several people with knowledge of the situation, this was pointed to as a probable cause.

Tests were done on the test list, and found that mail flowed unimpeded when DKIM was valid, whether due to not modifying the email or re-signing it. As I don't sign my subjects, even modifying the subject on my emails was being delivered if the body was kept unmodified.

The crux of the issue is that many emails are modified when traversing the listserver now. This used to be the exception, most people posted in text/plain, no attachments, etc. The new normal is most posts have HTML that is rewritten into text/plain or stripped, users post with attachments for graphics in their signature and so on. All these cause the message body to be modified, and break DKIM signatures. The footer added by the listserv guarantees this will be broken too.

ARC/RFC8617 was considered, but right now other than Google, it appears to be not widely used. If this was widely supported, it appears to be a good solution.

The admin team is always looking for help, please email me direct or admins@nanog.org if you want to help out.

--
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net
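
As an added illustration (not part of the original message or of any NANOG tooling), this Python sketch applies RFC 6376 body canonicalization to show why an appended list footer invalidates the author's `bh=` value, while a changed Subject only matters when `Subject` is listed in `h=`. The sample body, footer, signature value and function names are constructed for the example.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """Body canonicalization per RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space and drop trailing whitespace.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    if not lines:                          # empty body: simple hashes a lone CRLF
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a verifier compares with bh= (sha256 only; the l= tag is ignored here)."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def signed_headers(dkim_value: str) -> set:
    """Lower-cased header names from the h= tag of a DKIM-Signature value."""
    tags = {}
    for tag in dkim_value.split(";"):
        if "=" in tag:
            key, val = tag.split("=", 1)
            tags[key.strip()] = val.strip()
    return {h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()}

def list_breaks_signature(dkim_value, orig_body, relayed_body, changed_headers):
    """Reasons the list's changes would invalidate the author's signature."""
    reasons = []
    if body_hash(orig_body) != body_hash(relayed_body):
        reasons.append("body hash (bh=) no longer matches")
    hit = signed_headers(dkim_value) & {h.lower() for h in changed_headers}
    if hit:
        reasons.append("signed header changed: " + ", ".join(sorted(hit)))
    return reasons

# Constructed sample data: an author's body, a list footer, and two signature
# values (placeholders for bh=/b=), one without and one with Subject in h=.
BODY = b"Hello list,\r\n\r\nSee you at the meeting.\r\n"
FOOTER = b"____________________\r\nexample list footer\r\n"
SIG_NO_SUBJECT = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel; "
                  "h=from:to:date:message-id; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_WITH_SUBJECT = SIG_NO_SUBJECT.replace("h=from:", "h=subject:from:")

if __name__ == "__main__":
    print(list_breaks_signature(SIG_NO_SUBJECT, BODY, BODY, ["Subject"]))
    print(list_breaks_signature(SIG_WITH_SUBJECT, BODY, BODY + FOOTER, ["Subject"]))
```

The check covers only what a list can see before relaying: it does not verify the `b=` signature itself.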