See this. (report is at the bottom of this email) Apparently, your list software destroys both SPF and DKIM signatures causing rejects. Since you repackage S/MIME mail to avoid breaking S/MIME, I would suggest doing the same to avoid breaking SPF, eg repackage the mail in a new message/rfc822 container like this, and also DKIM sign the repackaged mail, and also strip the invalid DKIM sig out. A good idea can be then to put up a DKIM, SPF and DMARC record for lists.djigzo.com. Then both SPF and DKIM will be verified against the domain “lists.djigzo.com”, not the sender domain, since the SPF/DKIM validator will always validate mail on the outermost container: From: users(a)lists.djigzo.com To: <receiver of list mail> Subject: Fwd: [original subject] Content-Type: message/rfc822; boundary=”1234”; --1234 From: sebastian(a)sebbe.eu To: <receiver of list mail> Subject: [original subject] Content-Type: text/plain Hello this is a test --1234-- Here is the report I got from Yahoo: <?xml version="1.0"?> -<feedback> -<report_metadata> <org_name>Yahoo! Inc.</org_name> &lt;email&gt;postmaster(a)dmarc.yahoo.com&lt;/email&gt; <report_id>1426038669.132883</report_id> -<date_range> <begin>1425945600</begin> <end>1426031999 </end> </date_range> </report_metadata> -<policy_published> <domain>sebbe.eu</domain> <adkim>s</adkim> <aspf>s</aspf> <p>reject</p> <pct>100</pct> </policy_published> -<record> -<row> <source_ip>87.233.242.72</source_ip> <count>1</count> -<policy_evaluated> <disposition>reject</disposition> <dkim>fail</dkim> <spf>fail</spf> </policy_evaluated> </row> -<identifiers> <header_from>sebbe.eu</header_from> </identifiers> -<auth_results> -<dkim> <domain>sebbe.eu</domain> <result>permerror</result> </dkim> -<spf> <domain>lists.djigzo.com</domain> <result>pass</result> </spf> </auth_results> </record> </feedback>