spf helo pass

Peter peter at pajamian.dhs.org
Fri Dec 31 05:13:47 UTC 2021


On 31/12/21 4:32 am, dovecot at ptld.com wrote:
> DMARC breaks on dovecot mailing list.

That is not always the case.  Indeed your message explicitly passes DMARC.

> DMARC does not break on postfix mailing list.

This is not true either.  I have had several messages fail DMARC from 
the postfix list.

> Having a mailing list that doesn't break DMARC is possible.

Yes, but it requires rewriting the From: header (among other things).

Having an SPF entry for the HELO domain, while it wouldn't hurt, will 
not help with DMARC.  DMARC will only look at it if the domain matches 
the domain in the From: header, and so unless the message has a From: 
header with a dovecot.org domain then no amount of SPF records under 
dovecot.org will help here.

The reason that the postfix list (and indeed this list) oftentimes 
passes DMARC is because the messages are forwarded un-altered, and as 
such the DKIM signature passes.  As long as the message is originally 
DKIM signed by the same domain as that in the From: header then it will 
pass DMARC regardless of SPF.  This, of course, is heavily dependent on 
the proper usage of DKIM by the original sender.


Peter
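
The alignment logic described in the message above, as an added example that is not part of the original post: a simplified DMARC evaluation run over constructed list-delivery scenarios. The sender domains `example.com` and `mailprovider.example` are made-up, and the organizational domain is approximated as the last two labels (real evaluators use the Public Suffix List).

```python
# Added illustration: simplified DMARC identifier alignment (RFC 7489).
# Assumption: organizational domain = last two labels of the name.

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_eval(from_domain, spf, dkim, strict=False):
    """spf: (result, domain SPF authenticated); dkim: [(result, d= domain)].
    DMARC passes if any passing mechanism is aligned with the From: domain."""
    spf_result, spf_domain = spf
    if spf_result == "pass" and aligned(spf_domain, from_domain, strict):
        return "pass", "spf aligned (" + spf_domain + ")"
    for result, d in dkim:
        if result == "pass" and aligned(d, from_domain, strict):
            return "pass", "dkim aligned (" + d + ")"
    return "fail", "no aligned pass"

# Constructed scenarios: in each, SPF passes for the list's own domain.
LIST_SPF = ("pass", "dovecot.org")
SCENARIOS = {
    # Forwarded un-altered, sender's own signature still verifies.
    "forwarded_unaltered": dict(from_domain="example.com", spf=LIST_SPF,
                                dkim=[("pass", "example.com")]),
    # Sender never signed: SPF pass for dovecot.org is not aligned.
    "sender_without_dkim": dict(from_domain="example.com", spf=LIST_SPF,
                                dkim=[]),
    # Valid signature, but from a domain other than the From: domain.
    "signed_by_other_domain": dict(from_domain="example.com", spf=LIST_SPF,
                                   dkim=[("pass", "mailprovider.example")]),
    # From: rewritten to the list domain, so SPF is now aligned.
    "from_rewritten": dict(from_domain="dovecot.org", spf=LIST_SPF,
                           dkim=[("fail", "example.com")]),
}

def run_all():
    return {name: dmarc_eval(**s) for name, s in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (verdict, why) in run_all().items():
        print(f"{name:24} {verdict:5} {why}")
```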

