surgemail-support <surgemailHIDDEN@t@netwinsite.com> wrote:
>
>Ooops, sorry I thought you'd already changed the from, yes you need to 
>set it to be from the list.
>
>from_list true
>
>No there's no nice work around that I know of, they are specifically 
>stopping forged from headers which is what mailing lists traditionally use.
>
>     ChrisP.
>
>
>On 28/04/2016 3:17 p.m., Neil Herber (nospam) wrote:
>>
>> From my tests, setting sender_list true has no effect. The mail is 
>> still rejected. I am pretty sure that DMARC only looks at the FROM header.
>>
>> An online article suggested that removing the DKIM signature from the 
>> forwarded mail would solve the problem, but it does not. The mail gets 
>> refused as unauthenticated.
>>
>> It looks like I am reduced to banning Yahoo senders or stripping the 
>> sender data and making all the mail appear to come from the list 
>> rather than the original senders.
>>
>> Neil
>>
>>
>> On 2016-04-27 6:02 PM, surgemail-support wrote:
>>> I think the short answer is set:
>>>     sender_list true
>>> to rewrite the sender header.
>>>
>>>     ChrisP.
>>>
>>>
>>> On 28/04/2016 7:53 a.m., Neil Herber (nospam) wrote:
>>>>
>>>> I have several small, closed mailing lists running on SurgeMail. A 
>>>> new list member has a YAHOO address, and the mail he sends gets 
>>>> rejected by Gmail, Hotmail, Yahoo, and others with this error message:
>>>>
>>>>> Site gmail.com (173.194.74.27) said after data sent: 550 5.7.1 initiative.
>rc7si2769636igc.23 - gsmtp 550-5.7.1 Unauthenticated email from yahoo.ca
>is not accepted due to domain's\n550-5.7.1 DMARC policy. Please contact administrator
>of yahoo.ca domain if this\n550-5.7.1 was a legitimate mail. Please visit\n550-5.7.1https://support.google.com/mail/answer/2451690
> to learn about DMARC
>>>>
>>>> I suspect that the sender's FROM address is triggering this false 
>>>> positive, even though:
>>>>
>>>> 1) The return path is set to Return-Path: <servicenameHIDDEN@@eton.ca>
>>>>
>>>> 2) The reply-to is set to Reply-To:HIDDEN@ename@eton.ca
>>>>
>>>> 3) The sender was verified by SPF "Received-SPF: pass (Last token 
>>>> {ptr:yahoo.com} (res=PASS)) client-ip=98.xxx.xxx.173; " so they were 
>>>> a real Yahoo customer.
>>>>
>>>> Is there any way around this? Or do I need to strip out the sender 
>>>> info in DLIST which makes it harder for users to see who originated 
>>>> the message to the list?
>>>>
>>>> Note that my current setup has worked for ALL users for years. This 
>>>> is our first "yahoo" list member.
>>>>
>>>> Neil
>>>>
>>>> -- 
>>>> Neil Herber
>>>
>>
>> -- 
>> Neil Herber
>
>
>
><html>
>  <head>
>    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
>  </head>
>  <body bgcolor="#FFFFFF" text="#000000">
>    Ooops, sorry I thought you'd already changed the from, yes you need
>    to set it to be from the list.<br>
>    <br>
>    from_list true<br>
>    <br>
>    No there's no nice work around that I know of, they are specifically
>    stopping forged from headers which is what mailing lists
>    traditionally use.  <br>
>    <br>
>        ChrisP.<br>
>    <br>
>    <br>
>    <div class="moz-cite-prefix">On 28/04/2016 3:17 p.m., Neil Herber
>      (nospam) wrote:<br>
>    </div>
>    <blockquote cite="mid:ca2cb92b-c233-9463-bc6fHIDDEN@2ce465@eton.ca"
>      type="cite">
>      <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
>      <p>From my tests, setting sender_list true has no effect. The mail
>        is still rejected. I am pretty sure that DMARC only looks at the
>        FROM header.</p>
>      <p>An online article suggested that removing the DKIM signature
>        from the forwarded mail would solve the problem, but it does
>        not. The mail gets refused as unauthenticated.</p>
>      <p>It looks like I am reduced to banning Yahoo senders or
>        stripping the sender data and making all the mail appear to come
>        from the list rather than the original senders.<br>
>      </p>
>      <p>Neil<br>
>      </p>
>      <br>
>      <div class="moz-cite-prefix">On 2016-04-27 6:02 PM,
>        surgemail-support wrote:<br>
>      </div>
>      <blockquote cite="mid:57213704HIDDEN@0@netwinsite.com" type="cite">
>        <meta content="text/html; charset=utf-8"
>          http-equiv="Content-Type">
>        I think the short answer is set:<br>
>            sender_list true<br>
>        to rewrite the sender header.<br>
>        <br>
>            ChrisP.<br>
>        <br>
>        <br>
>        <div class="moz-cite-prefix">On 28/04/2016 7:53 a.m., Neil
>          Herber (nospam) wrote:<br>
>        </div>
>        <blockquote
>          cite="mid:01514a87-9f4e-252d-e9c9HIDDEN@02ffe4@eton.ca"
>          type="cite">
>          <meta http-equiv="content-type" content="text/html;
>            charset=utf-8">
>          <p>I have several small, closed mailing lists running on
>            SurgeMail. A new list member has a YAHOO address, and the
>            mail he sends gets rejected by Gmail, Hotmail, Yahoo, and
>            others with this error message:</p>
>          <p> </p>
>          <blockquote type="cite">
>            <pre wrap="">Site gmail.com (173.194.74.27) said after data sent:
>550 5.7.1 initiative. rc7si2769636igc.23 - gsmtp 550-5.7.1 Unauthenticated
>email from yahoo.ca is not accepted due to domain's\n550-5.7.1 DMARC policy.
>Please contact administrator of yahoo.ca domain if this\n550-5.7.1 was a
>legitimate mail. Please visit\n550-5.7.1  <a moz-do-not-send="true" class="moz-txt-link-freetext"
>href="https://support.google.com/mail/answer/2451690">https://support.google.com/mail/answer/2451690</a>
>to learn about DMARC</pre>
>          </blockquote>
>          <p>I suspect that the sender's FROM address is triggering this
>            false positive, even though:</p>
>          <p>1) The return path is set to Return-Path: <a
>              moz-do-not-send="true" class="moz-txt-link-rfc2396E"
>              href="mailto:servicenameHIDDEN@@eton.ca"><a class="moz-txt-link-rfc2396E"
>href="mailto:servicenameHIDDEN@@eton.ca"><servicename-bounce@eton.ca></a></a></p>
>          <p>2) The reply-to is set to Reply-To: <a
>              moz-do-not-send="true" class="moz-txt-link-abbreviated"
>              href="mailtoHIDDEN@ename@eton.ca"><a class="moz-txt-link-abbreviated"
>href="mailtoHIDDEN@ename@eton.ca">servicename@eton.ca</a></a><br>
>          </p>
>          <p>3) The sender was verified by SPF "Received-SPF: pass (Last
>            token {ptr:yahoo.com} (res=PASS)) client-ip=98.xxx.xxx.173;
>            " so they were a real Yahoo customer.</p>
>          <p>Is there any way around this? Or do I need to strip out the
>            sender info in DLIST which makes it harder for users to see
>            who originated the message to the list?</p>
>          <p>Note that my current setup has worked for ALL users for
>            years. This is our first "yahoo" list member.</p>
>          <p>Neil<br>
>          </p>
>          <pre class="moz-signature" cols="72">-- 
>Neil Herber</pre>
>        </blockquote>
>        <br>
>      </blockquote>
>      <br>
>      <pre class="moz-signature" cols="72">-- 
>Neil Herber</pre>
>    </blockquote>
>    <br>
>  </body>
></html>
>
>

It's my understanding that DMARC accepts mail that either passes DKIM or SPF, but fails mail that fails both.

https://support.google.com/a/answer/2466580?hl=en

Quote: A single check failure using either technology allows the message to pass DMARC.