On 03/02/2018 09:36 AM, Ian Zimmerman wrote:
These are all from Grant Taylor. They are DKIM-signed, and, not surprisingly given the list header and footer munging, signature verification fails (on my mail server).


Correct. DKIM verification is failing and my DMARC policy is configured to REJECT messages that fail DKIM or SPF tests.

The reason that messages are being rejected is because of the DMARC policy. 1) I publish DMARC records and 2) Gmail honor published DMARC records.

The same type of problem will happen with any other sending domain that publishes REJECT records to a recipient where the receiving server honors said REJECT records.

This is not just me. More and more sending domains are publishing DMARC records and more and more receiving servers are honoring said records. Further, multiple governments are mandating that governmental agencies and sub-contractors implement DMARC (which also means DKIM and SPF). The US and Germany come to mind immediately. - This is a growing change in the email industry. - I just happen to live towards (but not on) the bleeding edge of email.

Munging by lists should just die. Why do it? Windoze and Goo users may have to split their mail into folders by Subject, but surely Gentooers know better?

I do not believe that munging is a bad thing. I'll even go so far as to say that I think it's a good thing. (This can turn into a long running discussion that likely doesn't belong on the Gentoo-User mailing list.)

IMHO the biggest issue is that the messages aren't munged enough. From also needs to be munged to make the message appear to be from a different address. (Ideally one that the mailing list owns.)

I also think that any security headers that exist on the incoming message should be removed as messages come into the mailing list and certainly before going out from the mailing list.

 - ARC-*
 - Authentication-Results
 - DKIM-*

Removing these extra headers should help ensure that they don't accidentally get mis-interpreted by servers receiving messages from the mailing list manager.

I have created a new email address in a sub-domain and (re)subscribed to the Gentoo-User mailing list with it and unsubscribed my main email address. This new sub-domain has a different DMARC policy ("NONE" instead of "REJECT") and I'm hoping that it will minimize the number of messages that get bounced. (This is the first time I'm testing it, so I may not have things correctly configured for the new sub-domain yet.)



--
Grant. . . .
unix || die

Reply via email to