Quote:
Originally Posted by aussieboykie
The message was sent directly to a list. The sender's credentials are in my address book.
List-Id:
560bd9fceddef9c231fda92aemc list <560bd9fceddef9c231fda92ae.150013.list-id.mcsv.net>
x-spam-known-sender:
no ("Email failed DMARC policy for domain"); in-addressbook
|
So the path seems to me to be the following:
sender with credentials => mailing list => you at Fastmail
The forwarding by the mailing list would break spf for the original sender, but Fastmail does not even check that. Fastmail would only check spf for the envelope sender, which is the mailing list. This succeeded, but does not align with the original sender (the "From:" field), which the mailing list must have left unchanged. And then the mailing list changed the message slightly so the sender's DKIM signing would fail. Because both spf failed (it wasn't the original sender that verified OK) and DKIM as well, then DMARC failed.
I'm not sure what Fastmail currently does if the original sender has p=reject or p=quarantine. But your question seems to be specifically, why does Fastmail not allow the message given the credentials in your address book. It is because all the checks that the message really came from that sender failed. Note, of course, it did not come from that sender specifically, it came from a mailing list to which the sender had submitted the message, and the mailing list changed the message slightly.
Have I got it right? Reference:
https://en.wikipedia.org/wiki/DMARC#Mailing_lists