[Mailman-Users] DMARC issues
Hello! I believe there's no need to elaborate on the problems recently introduced by Yahoo, changing their DMARC DNS record and rendering many mailman lists unusable for Yahoo mail users. I see the solution to this problem in changing the From: field to mailing list's address, but keeping the poster's name or address in the description part of the same field. For example: From: List Name on behalf of Poster Name l...@add.re.ss or From: Poster Name via List Name l...@add.re.ss or From: Poster Name l...@add.re.ss or From: Poster Name [pos...@add.re.ss] l...@add.re.ss I'm using Mailman 2.1.13, and can not upgrade to 2.1.16 on a live system. I was forced to turn on anonymous_list as the urgent remedy, byt the full anonymization is not really how it should be. Could someone please help me achieve this using the above version, by some changes in the code? Thank you! -- Pozdrav / Regards, Siniša Burina -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
They're breaking RFC 822 / 5322. The From: field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. [...] In all cases, the From: field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message. I don't think we should compound that by changing the From line. Joseph Brennan Columbia University Information Technology -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On 10/04/14 16:25, Joseph Brennan wrote: They're breaking RFC 822 / 5322. The From: field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. [...] In all cases, the From: field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message. I don't think we should compound that by changing the From line. Well, anonymous_list option does that too, completely hiding the original poster's information. The approach I proposed would do the same, only in slightly subtler manner. :) -- Pozdrav / Regards, Siniša Burina -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
I hate to say it, but the days of the kinder, gentler internet when everyone played strictly by the RFCs are passing as operational control of internet services comes increasingly under the control of fewer, bigger players who can do as they wish. This isn't to say that Mailman should break RFCs too, but there are few options. SPF inherently breaks mailing lists, which is why heretofore it's been used mostly as an advisory protocol rather than as a determinant of whether an email gets delivered, or not. I understand that SPF is one of the components of DMARC protocols. This is the first I've heard of this issue, but it doesn't surprise me at all. On Thu, 2014-04-10 at 10:25 -0400, Joseph Brennan wrote: They're breaking RFC 822 / 5322. The From: field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. [...] In all cases, the From: field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message. I don't think we should compound that by changing the From line. Joseph Brennan Columbia University Information Technology -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/fmouse%40fmp.com -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
Lindsay Haisley fmo...@fmp.com wrote: SPF inherently breaks mailing lists No, it doesn't. SPF checks the envelope sender, and when the list host is, say, lists.example.com, the envelope sender is something like listname-boun...@lists.example.com, and that can pass SPF. Mailman, Listserv, etc, all write their envelope sender that way. Joseph Brennan Columbia University Information Technology -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On 10/04/14 17:18, Lindsay Haisley wrote: This is the first I've heard of this issue, but it doesn't surprise me at all. Basically, Yahoo insists that their own mail servers are the only ones that can originate the message with @yahoo.com domain in the From header. Not Return-Path, Not the envelope sender, but exactly the From header in the message itself. If this practice gets adopted by more organizations, I don't know how else could this problem be solved. -- Pozdrav / Regards, Siniša Burina -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On Apr 10, 2014, at 03:09 PM, Siniša Burina wrote: I believe there's no need to elaborate on the problems recently introduced by Yahoo, changing their DMARC DNS record and rendering many mailman lists unusable for Yahoo mail users. It *is* a shame that these anti-spam defenses knowingly break mailing lists. I say knowingly but not maliciously because their specs usually describe the adverse affects on mailing lists, along with some mitigation approaches (which may not have a positive effect on list usability wink). The spec authors are not hostile to mailing lists and would rather not break them, but there does seem to be a fundamental conflict between mailing lists and anti-spam approaches. That said, DMARC was discussed in great detail last year on the -developers list, so if you want all the gory details, check out those archives. Mark will probably follow up in more detail, but MM2.1 implemented a feature in 2.1.16 called from_is_list which is a ternary option for addressing the effects of DMARC. It has to be enabled by the site admin, and then list admins can opt-in. It's disabled by default for backward compatibility reasons. From Defaults.py: # The following is a three way setting. # 0 - Do not rewrite the From: or wrap the message. # 1 - Rewrite the From: header of posts replacing the posters address with # that of the list. Also see REMOVE_DKIM_HEADERS above. # 2 - Do not modify the From: of the message, but wrap the message in an outer # message From the list address. DEFAULT_FROM_IS_LIST = 0 So as you can see, two approaches are available, From: rewriting or outer message wrapping. Both are suboptimal for usability, but it seems like we have no other viable option. This is not yet implemented in MM3 because I don't really like having to do it. We might have no choice though. -Barry -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On Thu, Apr 10, 2014 at 10:18:33AM -0500, Lindsay Haisley wrote: I hate to say it, but the days of the kinder, gentler internet when everyone played strictly by the RFCs are passing as operational control of internet services comes increasingly under the control of fewer, bigger players who can do as they wish. +1. -- If all else fails, immortality can always be assured by spectacular error. -- Galbraith -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On Thu, Apr 10, 2014 at 12:04 PM, Adam McGreggor adam-mail...@amyl.org.uk wrote: On Thu, Apr 10, 2014 at 10:18:33AM -0500, Lindsay Haisley wrote: I hate to say it, but the days of the kinder, gentler internet when everyone played strictly by the RFCs are passing as operational control of internet services comes increasingly under the control of fewer, bigger players who can do as they wish. +1. Further to that point: The behemoths doing this also offer competitive (revenue based!) offerings to the services they are impacting. -Jim P. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
Siniša Burina writes: Basically, Yahoo insists that their own mail servers are the only ones that can originate the message with @yahoo.com domain in the From header. Not Return-Path, Not the envelope sender, but exactly the From header in the message itself. If this practice gets adopted by more organizations, I don't know how else could this problem be solved. If yahoo wants to give their users an excuse to use a different address and stop advertising yahoo, I have no problem with that. :-) The straightforward thing for Mailman to do is to wrap mail from yahoo addresses in a multipart/mixed with a text part explaining that Yahoo is knowingly interfering with the mail service of their users, and the mail itself in a message/rfc822 part. As far as I know, no component of DMARC allows digging into a message and trying to DMARC the MIME parts. Or just bounce them with a message stating that Yahoo no longer permits its users to post to mailing lists, so please use a different posting address. I realize that most sites can't do that, but mine can (and will if I get any complaints about this policy -- my subscribers are sympathetic). Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On 10/04/14 19:57, Stephen J. Turnbull wrote: Or just bounce them with a message stating that Yahoo no longer permits its users to post to mailing lists, so please use a different posting address. I realize that most sites can't do that, but mine can (and will if I get any complaints about this policy -- my subscribers are sympathetic). And that's exactly what I'm going to do. :) -- Pozdrav / Regards, Siniša Burina -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On Thu, Apr 10, 2014 at 2:34 PM, Siniša Burina s...@burina.net wrote: On 10/04/14 19:57, Stephen J. Turnbull wrote: Or just bounce them with a message stating that Yahoo no longer permits its users to post to mailing lists, so please use a different posting address. I realize that most sites can't do that, but mine can (and will if I get any complaints about this policy -- my subscribers are sympathetic). And that's exactly what I'm going to do. :) Here's a tried and tested patch just awaiting more use: https://code.launchpad.net/~jimpop/mailman/dmarc-reject -Jim P. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On Apr 11, 2014, at 02:57 AM, Stephen J. Turnbull wrote: The straightforward thing for Mailman to do is to wrap mail from yahoo addresses in a multipart/mixed with a text part explaining that Yahoo is knowingly interfering with the mail service of their users, and the mail itself in a message/rfc822 part. As far as I know, no component of DMARC allows digging into a message and trying to DMARC the MIME parts. That's what I mean by we can fix it if we make the user experience horrible. See all the complaints about the MIME-proper way we add footers in some cases. -Barry -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On 04/10/2014 07:25 AM, Joseph Brennan wrote: They're breaking RFC 822 / 5322. The From: field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. [...] In all cases, the From: field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message. I don't think we should compound that by changing the From line. Several others have made relevant replies while I was on the plane to Montreal, registering for PyCon, attending the opening reception ... Anyway, I wanted to say I agree completely with the above even though the DMARC community does not. That's why I implemented the option in 2.1.16 to wrap the original post as a message/rfc822 part attached to a new message from the list. Unfortunately, when I actually turned this on in response to Yahoo's change in DMARC policy, I got complaints from users of Apple iOS iThings that their mail clients do not deal well with this message, so I reluctantly went the non-compliant mung the From: way. Yesterday I wrote a brief FAQ on this which is at http://wiki.list.org/x/ggARAQ. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] DMARC and Mail Lists open space at Pycon
I have tentatively scheduled an open space for Friday, 11 April at 18:00 in room 523B at Pycon to talk about DMARC and mail lists. All available interested parties are invited. If the time doesn't work, we can reschedule. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On Apr 10, 2014, at 20:25, Mark Sapiro m...@msapiro.net wrote: On 04/10/2014 07:25 AM, Joseph Brennan wrote: They're breaking RFC 822 / 5322. The From: field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. [...] In all cases, the From: field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message. I don't think we should compound that by changing the From line. Several others have made relevant replies while I was on the plane to Montreal, registering for PyCon, attending the opening reception ... Anyway, I wanted to say I agree completely with the above even though the DMARC community does not. That's why I implemented the option in 2.1.16 to wrap the original post as a message/rfc822 part attached to a new message from the list. Unfortunately, when I actually turned this on in response to Yahoo's change in DMARC policy, I got complaints from users of Apple iOS iThings that their mail clients do not deal well with this message, so I reluctantly went the non-compliant mung the From: way. Yesterday I wrote a brief FAQ on this which is at http://wiki.list.org/x/ggARAQ. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- At least as of iOS 7 it can show messages inside messages. That's how I view email forwarded from Exchange. Now if only bottom posting was easier on an iPhone. Fat fingered from my iPhone -- miscorrections happen. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On 04/10/2014 06:09 AM, Siniša Burina wrote: I see the solution to this problem in changing the From: field to mailing list's address, but keeping the poster's name or address in the description part of the same field. For example: ... I'm using Mailman 2.1.13, and can not upgrade to 2.1.16 on a live system. I was forced to turn on anonymous_list as the urgent remedy, byt the full anonymization is not really how it should be. Could someone please help me achieve this using the above version, by some changes in the code? I'm not sure why you can't upgrade if you can patch the code, but in any case, I can't point you at a single patch to do it my way because there are several. You could do it by applying all of the following patches in order. http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1402 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1404 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1415 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1417 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1418 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1419 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1446 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1450 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1453 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1454 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1455 (1415, 1417 and 1418 are i18n only) -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On 04/10/2014 05:35 PM, mail.ulticom.com wrote: At least as of iOS 7 it can show messages inside messages. Thanks for the tip. I'll check with my users and see what they're using. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
Mark Sapiro writes: Unfortunately, when I actually turned this on in response to Yahoo's change in DMARC policy, I got complaints from users of Apple iOS iThings that their mail clients do not deal well with this message, The iOS 6 mail client was just plain unusable, and in very limited experience the iOS 7.1 client is not a lot better. Neither can stay synched with the state of Gmail on my PC. It's easier to use Gmail from Safari (even though Safari has trouble displaying those pages correctly), and I'm going to try the Gmail iPhone client later today (I normally don't process mail from my iPhone 4S/iOS 7.1). I can't speak for those who don't use Gmail, of course, but I find it hard to be sympathetic with people who complain that the very limited clients provided by Apple are, well, *very* limited. so I reluctantly went the non-compliant mung the From: way. That's a shame. I really think putting the blame on Yahoo! and the DMARC advocates (Yahoo! clearly being a leader in that crowd), where it belongs, and the discomfort on Yahoo! users, is a better idea. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org