On Thu, 19 Nov 2015, Rick Moen via luv-talk wrote:
$ dig -t mx linuxmafia.com +short 10 linuxmafia.com. $ dig -t a linuxmafia.com +short 198.144.195.186 $
Et voila. It matches.
_Unfortunately_, upon retransmission by luv.asn.au, and re-mailed out to all mailing list subscribers, this time it arrives at the destination MTAs (for the subscribers) from luv.asn.au's IP address, 202.158.218.240.
202.158.218.240 is _not_ a match for sending domain linuxmafia.com's list of authorised sending IPs. So, if the claimed sending domain in the internal SMTP 'From: ' header still says linuxmafia.com, it can no longer pass an SPF check.
Isn't cascading Received: from .* (.*) by headers completely normal in mail? Isn't a mailing list just another MTA? Can't it just prepend another Received: line and forward it on? If that breaks DMARC/SFP, doesn't that then mean DMARC/SFP is fundamentally broken? -- Tim Connors