lua-l archive



If the list server needs to change the existing "Reply-To" and the "Reply-To" field is part of the DKIM or DMARC signature, then:
* these DKIM/DMARC signatures have to be dropped (leaving only the SPF), or:
* the original DKIM/DMARC signature and every signed part of the message can only be forwarded as an attachment (other parts may be part of the modified message, outside the signed attachment), or:

Or the mailing list cannot change the "Reply-To"... But then it could cause a malicious subscriber to the list to send messages whose "Reply-To" field could target another random email address, for which the mailing list server cannot assert that its owner has authorized the message to be sent to them, so the mailing list server could be signaled as "spamming" the owner of the target mail address, who never requested such responses, given that they did not even subscribe themselves to the mailing list, or were not the real author of the message but another unrelated subscriber to the mailing list (this could cause false attributions, and could cause an innocent subscriber, identified by this "Reply-To", to be accused of sending bad messages to the list).

This also suggests that users of this mailing list SHOULD NOT send any message with a "Reply-To" set to anything other than the mailing list itself (so that the mailing list server will not need to change it). Instead, they may provide their personal response address inside the content body of their message. The mailing list server, however, may provide the email identity of the original sender of the message (an authorized subscriber) in some other field ("Originately-From:").


On Fri, 22 May 2020 at 02:09, Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>>>>> "Gé" == Gé Weijers <ge@weijers.org> writes:

 > On Thu, May 21, 2020 at 1:00 AM Marc Balmer <marc@msys.ch> wrote:
 >> The list server, according to Daniel Silverstone, converts HTML
 >> E-Mail to plain text. This, of course, changes the mail body and
 >> could be the reason why signatures become invalid.
 >>
 >> To test this, I send this E-Mail using Apple Mail as pure text.

 Gé> FYI: both the DKIM and DMARC tests failed, but the SPF check passed.

As I explained to Marc recently on the irc channel: Marc is signing the
Reply-To header of his mails, and the list server replaces the Reply-To
which obviously breaks the signature (but which does not break the
signatures of mails from people who _don't_ sign their Reply-To). SPF
doesn't use signatures and therefore is not affected.

--
Andrew.
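The failure Andrew describes can be reproduced without any keys: DKIM hashes only the header fields named in the signature's h= tag, so a list that rewrites Reply-To breaks the signature exactly when Reply-To is in that list. The script below is an added example, not code from the lua-l list or from any poster; it implements RFC 6376 "relaxed" header canonicalization over constructed sample headers (all addresses are made up), omits the DKIM-Signature field from the hash for brevity, and also goes one step beyond the thread by showing the over-signing case, where a signer lists Reply-To in h= even though the message has none, so a list that *adds* a Reply-To also breaks the signature.

```python
import hashlib
import re

# Constructed sample data; nothing here comes from the thread's real messages.
LIST_ADDR = "lua-l@lists.example.org"
WITH_REPLY_TO = {                      # keys are lowercased field names
    "from": "Marc Balmer <marc@example.org>",
    "reply-to": "Marc Balmer <marc@example.org>",
    "to": LIST_ADDR,
    "subject": "Re: DKIM test",
}
WITHOUT_REPLY_TO = {k: v for k, v in WITH_REPLY_TO.items() if k != "reply-to"}

# Two kinds of signer, expressed as the h= tag each would emit.
SIGNS_REPLY_TO = ["From", "Reply-To", "To", "Subject"]   # Marc's setup
SKIPS_REPLY_TO = ["From", "To", "Subject"]               # unaffected signer

def relaxed_header(name: str, value: str) -> bytes:
    """RFC 6376 3.4.2 'relaxed' canonicalization of one header field."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)     # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim whitespace
    return f"{name.lower().strip()}:{value}\r\n".encode()

def header_hash(headers: dict, signed: list) -> str:
    """Hash the fields named in h=, in h= order. Simplified: the real hash also
    covers the DKIM-Signature field itself; a listed field that is absent from
    the message contributes nothing, so adding it later changes the hash."""
    h = hashlib.sha256()
    for name in signed:
        if name.lower() in headers:
            h.update(relaxed_header(name, headers[name.lower()]))
    return h.hexdigest()

def list_rewrite(headers: dict, list_addr: str = LIST_ADDR) -> dict:
    """Model the list server setting Reply-To to its own address."""
    rewritten = dict(headers)
    rewritten["reply-to"] = list_addr
    return rewritten

def signature_survives(headers: dict, signed: list) -> bool:
    """True if the signed header hash is unchanged after the list's rewrite."""
    return header_hash(headers, signed) == header_hash(list_rewrite(headers), signed)

if __name__ == "__main__":
    print("signs Reply-To, list rewrites it:", signature_survives(WITH_REPLY_TO, SIGNS_REPLY_TO))
    print("does not sign Reply-To:          ", signature_survives(WITH_REPLY_TO, SKIPS_REPLY_TO))
    print("over-signed, list adds Reply-To: ", signature_survives(WITHOUT_REPLY_TO, SIGNS_REPLY_TO))
```

The body hash is not modelled: a list that also converts HTML to text would break the signature regardless of h=, which is the separate cause Marc's test was meant to rule out.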