DMARC issue of privacy email providers

Some privacy email providers, including Autistici, Disroot, Dismail, and Vivaldi, have their DMARC policy set to “reject”, as the following records show.

_dmarc.autistici.org.	2998	IN	TXT	"v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:[email protected]"

_dmarc.disroot.org.	3143	IN	TXT	"v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:[email protected]; ruf=mailto:[email protected];"

_dmarc.dismail.de.	14400	IN	TXT	"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:[email protected]"

_dmarc.vivaldi.net.	300	IN	TXT	"v=DMARC1; p=reject; rua=mailto:[email protected]"

They all have “p=reject” in their DMARC records.

I was thinking this setting is not good for a mailing list user. For instance, when you use one of these addresses to subscribe to mailing lists, you will have delivery issues.

This is because a mailing list service generally rewrites the sender address (SRS) to the list address, so SPF verification no longer helps DMARC authentication for your domain. Most list servers also add a signature to the footer of messages, which changes the message body, so the DKIM signature applied to the original message by your server fails.

Since neither SPF nor DKIM then authenticates your sender domain, DMARC validation fails, and the message will be rejected by other MTAs that follow the DMARC setting above.

So I was thinking it’s better not to set “p=reject” in DMARC for those providers. They are privacy-oriented providers and mostly use open source. Many tech people use the services above. As a comparison, Riseup has a better setting, as follows.

_dmarc.riseup.net.	600	IN	TXT	"v=DMARC1;p=none;adkim=r;aspf=r;rua=mailto:[email protected]"

As you see above, their policy is “p=none”, which is good for mailing list delivery.
