From: "Rick Moen" rick@linuxmafia.com Subject: Re: BALUG-Talk and SPF/DKIM Date: Fri, 18 Aug 2017 05:49:07 -0700
So, your receiving MTA, getting the subscriber copy, would have sought to vet transmitting MTA IP 198.144.194.238 (temp.balug.org) against the SPF RR not of _your_ domain (for that copy), but rather of domain balug.org.
People get really confused about SPF and mailing list, I notice, forgetting that the MLM's forward is a separate message with a different SMTP envelope (from a different domain).
Let's look at the balug.org SPF RR:
:r! dig -t txt balug.org +short [null return value]
Well, Michael, time to put an SPF RR in the balug.org DNS.
Well, much of the migration criteria has been "not worse than". https://www.wiki.balug.org/wiki/doku.php?id=balug:mail_and_lists ... much to be improved, but fair bit of that will come later. First of all, for the lists, the sending domain is temp.balug.org, not balug.org. And for the old list hosting location, lists.balug.org. Note that there are no SPF(/TXT) records for lists.balug.org. And so it is thus far for temp.balug.org. Yes, certainly not ideal, but "good enough" for the time being. Will probably add the SPF & TXT records to lists.balug.org. once that gets moved over. The canonical will shift back to lists.balug.org - but that will happen *after* it's moved over. Likewise for @balug.org ... "not worse than" criteria ... will deal with further improving it after it's moved over. Also, for a lot of such stuff, before it's moved over, trying to "fix"/improve is about double (or more) work, as it has to be done in two places. And since I can't control all of what DreamHost.com does, making some changes there also risks possibly causing severe breakage (e.g. if I add SPF for balug.org, and it then conflicts with some change they make, then that breaks balug.org SPF).