On Wed, May 10, 2023 at 06:19:15PM +0200, Jaroslav Kysela wrote: > On 10. 05. 23 17:34, Konstantin Ryabitsev wrote: > > > So, I'm just going to repeat this: operating a mailing list and remaining > > DMARC compliant is perfectly possible, provided: > > > > - the original message is DKIM-signed > > - all existing headers are unmodified > > - the message body is unmodified > > Example of e-mail which is rejected by google's mx servers: > > https://lore.kernel.org/alsa-devel/20230510142227.32945-1-vitalyr@xxxxxxxxxxxxxxxxxxxxx/raw Thank you for this example -- it plainly illustrates the problem, which is that Mailman 3 mangles messages. If you compare the above message with the message that passed via vger, you will notice what went wrong: -CC: <alsa-devel@xxxxxxxxxxxxxxxx>, <patches@xxxxxxxxxxxxxxxxxxxxx>, - <linux-kernel@xxxxxxxxxxxxxxx>, - Vitaly Rodionov <vitalyr@xxxxxxxxxxxxxxxxxxxxx> +CC: alsa-devel@xxxxxxxxxxxxxxxx, patches@xxxxxxxxxxxxxxxxxxxxx, + linux-kernel@xxxxxxxxxxxxxxx, Vitaly Rodionov <vitalyr@xxxxxxxxxxxxxxxxxxxxx> For some bizarre reason Mailman-3 decided to make the CC header "more pretty" by stripping the angle brackets around addresses. Since it's a DKIM-signed header, this invalidates the signature and results in DMARC violations. The answer, unfortunately, is to stop using Mailman-3. It's not usable for patch-based workflows. -K