On 03/02/2018 09:36 AM, Ian Zimmerman wrote:
These are all from Grant Taylor. They are DKIM-signed, and, not
surprisingly given the list header and footer munging, signature
verification fails (on my mail server).
Correct. DKIM verification is failing and my DMARC policy is configured
to REJECT messages that fail DKIM or SPF tests.
The reason that messages are being rejected is because of the DMARC
policy. 1) I publish DMARC records and 2) Gmail honor published DMARC
records.
The same type of problem will happen with any other sending domain that
publishes REJECT records to a recipient where the receiving server
honors said REJECT records.
This is not just me. More and more sending domains are publishing DMARC
records and more and more receiving servers are honoring said records.
Further, multiple governments are mandating that governmental agencies
and sub-contractors implement DMARC (which also means DKIM and SPF).
The US and Germany come to mind immediately. - This is a growing
change in the email industry. - I just happen to live towards (but not
on) the bleeding edge of email.
Munging by lists should just die. Why do it? Windoze and Goo users may
have to split their mail into folders by Subject, but surely Gentooers
know better?
I do not believe that munging is a bad thing. I'll even go so far as to
say that I think it's a good thing. (This can turn into a long running
discussion that likely doesn't belong on the Gentoo-User mailing list.)
IMHO the biggest issue is that the messages aren't munged enough. From
also needs to be munged to make the message appear to be from a
different address. (Ideally one that the mailing list owns.)
I also think that any security headers that exist on the incoming
message should be removed as messages come into the mailing list and
certainly before going out from the mailing list.
- ARC-*
- Authentication-Results
- DKIM-*
Removing these extra headers should help ensure that they don't
accidentally get mis-interpreted by servers receiving messages from the
mailing list manager.
I have created a new email address in a sub-domain and (re)subscribed to
the Gentoo-User mailing list with it and unsubscribed my main email
address. This new sub-domain has a different DMARC policy ("NONE"
instead of "REJECT") and I'm hoping that it will minimize the number of
messages that get bounced. (This is the first time I'm testing it, so I
may not have things correctly configured for the new sub-domain yet.)
--
Grant. . . .
unix || die
