On 12/30/22 13:45, Polarian wrote:
Hello,
I guess this is a good idea, however this means you can not have a strict DMARC record like I do now, thus you need to setup the DMARC record to accept pass of either spf or dkim.
However, having valid spf does not instantly mean your emails will not be spammed, dkim takes higher priority, so if you have a strict DMARC record and include lists.archlinux.org in your spf record, it will still be impossible for them to send emails as you, as they will not be able to pass the dkim check and will fail the dmarc validation, and thus will be (most likely) spammed!
Thank you, Polarian
Are you quite sure that strict DMARC requires dkim? Maybe it's more about how the domain (or subdomain) is treated for establishing alignment when comparing with the signing domain name. May be worth double checking that your thesis that an unsigned mail which is SPF valid and SPF aligned will fail DMARC as you suggest above. gene