On Fri, 10 Mar 2023, Phyllis Smith wrote:
requirement doesn't apply to you if you're an existing sender. However, we recommend you always set up SPF and DKIM to protect your organization's email and to support future authentication requirements."
As I understand it, Google warns that, although you as an existing sender are not (yet) subject to SPF/DKIM requirements, you should be prepared that the policy can change soon and without further notice.
Also, I "think" we do have DKIM implemented (their note says SPF OR DKIM)
Google requires DMARC authentication, which literally means "either DKIM or SPF or both".
if I interpret further down on the "Original Message Header" where it says: X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
No, Phyllis, X-Google-DKIM-Signature is not a real DKIM although it looks like DKIM. X-Google-DKIM-Signature is an additional private header inserted by Google - perhaps to propagate this signature between diverse Google mail relays. And if somebody else submits their email to the CGG mailing list not from a Google account but from some other account, there will be no X-Google-DKIM-Signature header in that email at all. The real DKIM header is "DKIM-Signature:" and is normally inserted by the mailserver where the email originated. This header contains a special hash computed from several other headers, most importantly the From:, Subject:, To: headers and, maybe, the email body itself. For mailing lists it is a catastrophe, as maillists usually add their own headers to ensure that all the maillist members get emails, and then the old DKIM hash does not match the edited headers. But if the maillist server recomputes DKIM, DMARC will still fail because From: does not correspond to the maillist domain any more. So, the DKIM solution is difficult.
But anyway, I will see if I can figure out how to implement SPF like they suggest. A lot of the things I am trying to do are quite difficult for me and beyond my skill set. ...Phyllis
SPF is much easier to implement, but this is the job of the administrator of the primary server of the DNS domain where the mailing list resides, not your job, Phyllis. The users, even if privileged to some extent, have no permissions to edit DNS zones on nameservers.

_______________________________________________________________________________
Georgy Salnikov
NMR Group
Novosibirsk Institute of Organic Chemistry
Lavrentjeva, 9, 630090 Novosibirsk, Russia
Phone +7-383-3307864
Email [email protected]
_______________________________________________________________________________
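Added example, not part of the original message: a Python sketch of the check discussed in the reply above, which reads only real `DKIM-Signature:` headers (skipping the private `X-Google-DKIM-Signature:`) and tests whether the signing domain `d=` aligns with the `From:` domain, as DMARC requires. The sample message, the domains and the function names are constructed for illustration; the code does not verify the cryptographic signature, and `org_domain` is a simplification of the Public Suffix List lookup real DMARC implementations use.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the list server re-signed the message with its own
# domain, while From: still carries the original author's domain.
SAMPLE = """\
From: Alice <alice@author.example>
To: list@lists.example
Subject: [list] hello
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=relay.example; s=sel0; h=from:to:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=lists.example; s=sel1; h=from:to:subject:list-id; bh=CCCC; b=DDDD

body
"""

def parse_tags(value):
    """Split a DKIM tag list ('k=v; k=v') into a dict, dropping folding whitespace."""
    tags = {}
    for part in "".join(value.split()).split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key] = val
    return tags

def org_domain(domain):
    # Assumption: last two labels approximate the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_alignment(raw):
    """Report, per real DKIM-Signature header, whether d= aligns with From:."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    report = {"from_domain": from_domain, "signatures": [],
              # Private headers are counted but never used for DMARC.
              "ignored_private": len(msg.get_all("X-Google-DKIM-Signature", []))}
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        d = tags.get("d", "").lower()
        report["signatures"].append({
            "d": d,
            "signed_headers": tags.get("h", "").lower().split(":"),
            "aligned": org_domain(d) == org_domain(from_domain),
        })
    report["dmarc_dkim_aligned"] = any(s["aligned"] for s in report["signatures"])
    return report

if __name__ == "__main__":
    print(dkim_alignment(SAMPLE))
```

On the constructed sample the list's own signature is found but does not align with `author.example`, which is the DMARC failure the reply describes for re-signed list mail.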