[GNC] Received e-mails in Spams (bad e-mail server configuration / ML configuration)

[Adam H. Kerman]

10:49pm -0000 11/07/25 sunfish62--- via gnucash-user <gnucash-user at gnucash....:

>Thank you for this. A little searching shows that DMARC needs both SPF and 
>DKIM, and the header below shows that the DKIM signature did not verify. 
>I'm not sure how difficult correcting this problem would be for the mailing 
>list sysops.
\
I go through this nonsense on my own mailing lists. I'm no expert, but I'll 
explain to the extent I understand it.

SPF validates the envelope. This is the oldest of the three protocols. DKKM 
validates the integrity of the headers, at a minimum, the integrity of From. 

You may have noticed that every single message has an invalid From. 
Therefore, there's nothing for DKIM to validate.

This is a setting in mailman that can be changed.

DMARC was demanded by the major email providers when they were accused of 
being the main sources of spam, which they certainly were. DMARC, DKIM, and 
SPF are not spam countermeasures.

Then, after demanding that everyone follow the standard, they implemented 
DMARC in a nonstandard way on their own mailing list servers. Note that a 
mailing list server MUST NOT change specific headers, particularly From, but 
they do this so that ENVELOPE FROM matches From, which was never required of 
the DMARC standard and is nonstandard behavior with respect to all other 
email standards. Basically, in case a mailing list itself were the spam 
source, the big email providers simply didn't want domains they own to be 
used on From, even though it's literally the author's mailbox.

mailman and other mailing server applications followed suit, even though 
everybody knew that the major email providers failed to implement DMARC, the 
standard that they demanded be written, in a standard manner.