Re: [Bitcoin-development] Mailman incompatibility with DKIM ...
On Thu, Jun 18, 2015 at 11:56 PM, Mike Hearn m...@plan99.net wrote: We already removed the footer because it was incompatible with DKIM signing. Keeping the [Bitcoin-dev] prepend tag in subject is compatible with DKIM header signing only if the poster manually prepends it in their subject header. I still see footers being added to this list by SourceForge? The new list currently has footers removed during testing. I am not pleased with the need to remove the subject tag and footer to be more compatible with DKIM users. Opinions? I've asked Jeff to not use his @bitpay.com account for now. I'm guessing DKIM enforcement is not very common because of issues like this? It seems that Sourceforge silently drops DKIM enforced mail like jgarzik's. LF seems to pass along their mail but mangles the header/body and makes DKIM verification fail, which causes gmail to toss it into the spam folder. I think this behavior is slightly worse than Sourceforge because it makes the poster think their message was successfully sent (it is in the archive), but many subscribers never see it due to the spam binning. I don't see any good solution to this except an auto-reject for DKIM enforced domain postings. Yes this is rather terrible, but the instant rejection is vastly better than Sourceforge silently dropping the post or LF getting stuck in spam filters. We should also auto-reject any other reason for mail getting stuck in the moderation queue like including non-subscribers. I considered auto-rejecting spam too, but that could go horribly wrong as a false From address could make the Mailman server into a spammer itself. We may have no choice but to silently drop spam for that reason. Warren -- ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Mailman incompatibility with DKIM ...
We already removed the footer because it was incompatible with DKIM signing. Keeping the [Bitcoin-dev] prepend tag in subject is compatible with DKIM header signing only if the poster manually prepends it in their subject header. I still see footers being added to this list by SourceForge? Opinions? I've asked Jeff to not use his @bitpay.com account for now. The only real fix is to use a mailing list operator that is designed to operate correctly with DKIM/DMARC, either by not modifying messages in transit, or by re-sending (and ideally re-signing) under their own identity. Though I'm sure this won't be an issue for the Linux Foundation, the latter approach is dangerous because it means the list operator takes full responsibility for any spamming that occurs from that domain. If the mail server is ever hacked or spammers start posting to the lists themselves, all that spam will be seen as originating from the listserv itself and the reputation will be degraded. It can end with everyone's mail going to the spam folder. -- ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Mailman incompatibility with DKIM ...
The new list currently has footers removed during testing. I am not pleased with the need to remove the subject tag and footer to be more compatible with DKIM users. Lists can do what are effectively MITM attacks on people's messages in any way they like, if they resign for the messages themselves. That seems fair to me! :) I'm guessing DKIM enforcement is not very common because of issues like this? DKIM is used by most mail on the internet. DMARC rules that publish in DNS statements like All mail from bitpay.com is signed correctly so trash any that isn't are used on some of the worlds most heavily phished domains like google.com, PayPal, eBay, and indeed BitPay. These rules are understood and enforced by all major webmail providers including Gmail. It's actually only rusty geek infrastructure that has problems with this, I've never heard of DKIM/DMARC users having issues outside of dealing with mailman. The vast majority of email users who never post to technical mailing lists benefit from it significantly. Really everyone should use them. Adding cryptographic integrity to email is hardly a crazy idea :) It seems that Sourceforge silently drops DKIM enforced mail like jgarzik's. It's not SourceForge, it's your spam filter. His mail gets through to me but it's all in the spam folder. -- ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
