On 8 June 2016 at 10:55, Florian Pritz via arch-general < arch-general@archlinux.org> wrote:
On 08.06.2016 06:26, Eli Schwartz via arch-general wrote:
dkim header remarks indicate either failed or missing dkim sigs for those messages.
That's weird. For me the signatures very just fine. Could you show me the exact error you get (assuming there is one)?
Maybe also run the full mail (source, including headers) through `opendkim-testmsg` (part of the opendkim package)? If there is no error, the mail verifies fine.
Also missing DKIM signatures are not our fault and FWIW a missing signature should not cause mails to go to spam. An invalid signature also shouldn't unless there is a DMARC policy for that domain that states so. archlinux.org currently doesn't publish a DMARC policy so the default of letting everything through applies.
We do change the From address of any mail that uses DMARC though and resign the mail with our key so that signatures for those mails are valid. Since we change the From address, the DMARC policy of the original sender no longer matters.
I don't know if gmail provides any information as to why they classify a specific mail as spam, but if they do, please show me. If they do not, please send me all the headers of one mail that has been delivered to spam so I can check them for possible problems.
Gmail imposes more strict checks on email coming in over IPv6, with the rationale that IPv6 enabled machines are more modern and thus should be configured properly for newer verification techniques. Of course, for a mailinglist this does not fly since it does not generate the messages itself. See also [1], specifically "Additional guidelines for IPv6". So... A stupid but possibly pragmatic approach is to use IPv4 when relaying email to gmail. [1] https://support.google.com/mail/answer/81126