== Current situation ==
When somebody whose domain uses any recent, "modern" mail protection (SPF, DKIM, DMARC) writes to a Mailman list at wikimedia.it, their email is usually marked as spam.
This is probably what is happening:
1. alice.it has a modern mail configuration that only allows e-mails from the alice.it MX
2. alice@alice.it sends an email (`From: alice@alice.it`) to a mailing list example@wikimedia.it
3. wikimedia.it impersonates alice by sending an email with `From: alice@alice.it` to all the list members
4. ↑ **SPF fail**, wikimedia.it is NOT authorized to impersonate alice.it
Current:
```
(Origin: wikimedia.it)
From: alice@alice.it
CC: direttivo@wikimedia.it
```
Expected:
```
(Origin: wikimedia.it)
From: "Alice" <noreply@wikimedia.it>
Reply-To: alice@alice.it
CC: direttivo@wikimedia.it
```
Probably Mailman will do this:
```
(Origin: wikimedia.it)
From: direttivo@wikimedia.it
Reply-To: direttivo@wikimedia.it, alice@alice.it
```
Related Mailman documentation:
https://www.gnu.org/software/mailman/mailman-admin/general-personality.html
> from_is_list
> This applies to all non-digest messages sent by the list. For settings that apply only to messages whose From: domain publishes a DMARC p=reject or p=quarantine policy, see the dmarc_moderation_action description in section 2.7.
>
> If set to Munge From, it replaces the From: header address with the list's posting address to mitigate issues stemming from the original From: domain's DMARC or similar policies and puts the original From: address in a Reply-To: header.
>
> If set to Wrap Message it wraps the original message as a MIME subpart of an outer message with From: and Reply-To: headers as above.
https://www.gnu.org/software/mailman/mailman-admin/sender-filters.html#sender-filters
== Problematic mailing lists ==
[ ] tech@wikimedia.it
[ ] direttivo@wikimedia.it
[ ] ...
== Wrong mitigations ==
The domain alice.it should not be reconfigured to be less secure just because its receivers try to impersonate alice.it.
The solution should simply avoid impersonating alice.it. So the fix belongs in the wikimedia.it mail server configuration, not in alice.it.
== Proposed solution ==
The wikimedia.it mailing lists should only send e-mails from their own domain.
Check the `from_is_list` configuration setting and change its value from `No` to `Munge From`.
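The header rewrite described above, as an added sketch (not Mailman's own code and not part of this task): it shows the From: domain before and after munging and how an existing Reply-To: is preserved. The sample message, the "via" display-name format and the exact-match domain comparison are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import formataddr, getaddresses, parseaddr

LIST_ADDR = "tech@wikimedia.it"   # list posting address
LIST_DOMAIN = "wikimedia.it"      # domain the list server really sends from

# Constructed sample post, as it arrives at the list.
SAMPLE = """\
From: Alice <alice@alice.it>
To: tech@wikimedia.it
Subject: hello

Hi all
"""

def from_domain(msg):
    """Domain of the visible From: address, the one DMARC evaluates."""
    return parseaddr(msg["From"])[1].rpartition("@")[2].lower()

def aligned(msg, sending_domain=LIST_DOMAIN):
    """Exact-match comparison of the From: domain with the sending domain."""
    return from_domain(msg) == sending_domain.lower()

def munge_from(msg, list_addr=LIST_ADDR):
    """Put the list address in From: and keep the author in Reply-To:."""
    name, addr = parseaddr(msg["From"])
    # Keep any Reply-To: the author set, then append the author once.
    reply_to = [a for _, a in getaddresses(msg.get_all("Reply-To", []))]
    if addr not in reply_to:
        reply_to.append(addr)
    list_name = list_addr.split("@")[0]
    del msg["From"]        # del is a no-op when the header is absent
    del msg["Reply-To"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    msg["Reply-To"] = ", ".join(reply_to)
    return msg

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print("before:", msg["From"], "| aligned:", aligned(msg))
    munge_from(msg)
    print("after: ", msg["From"], "| Reply-To:", msg["Reply-To"],
          "| aligned:", aligned(msg))
```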