On 07/24/2018 08:11 PM, Richard Damon wrote:
Do you understand how DMARC works?
Yes, I do believe that I do understand how DMARC works.
I have yet to have someone show me something (else) about DMARC that I'm
not aware of.
Yahoo.com has an entry in their DNS that says they want DMARC protection,
and if you can’t verify that the message came from them unmodified to
reject it.
Yep.
I'm doing exactly that.
Unless the mailing list claims authorship of the message by changing the
From: of the message (and thus making it hard to tell who really said the
words), the list relaying the message with the slightest modification
of the Subject or Body will cause it to fail DMARC, as DMARC says that
the From: header is the king for verification.
I am talking about modifying the From: header such that the message no
longer had any conflict with the original published DMARC records.
I.e.
From: Grant Taylor <gtay...@tnetconsulting.net>
Becomes:
From: Grant Taylor via Mailman-Users <mailman-users@python.org>
Thus removing any conflict with any DMARC records published by
tnetconsulting.net
Since the message is now from the Mailman-Users mailing list, it's
perfectly possible to insert a line at the start of the message like the
following:
Grant Taylor <gtay...@tnetconsulting.net> wrote the following:
Only if you think that mailman-users is the author of your message here,
and that your mailing list is the proper author of every message that
goes through your mailing list.
I believe that the Mailman-Users mailing list is the entity responsible
for sending the message to each and every subscriber. I believe the
content that the Mailman-Users mailing list is sending is strongly based
on content provided by someone that sent a message to said mailing list.
I know that the mailing list did not generate the content. I also know
that it is sending content heavily based on content from someone else.
Base SPF isn’t an issue. All messages leaving my mailing list pass
SPF because I publish a SPF record, and the message have an envelope
From of my mailing list.
What is (was) your (original) motivation for munging the envelope to be
from the mailing list? Are (were) you (originally) doing it because you
want to take advantage of V.E.R.P.? Or are (were) you (originally)
doing it to avoid SPF issues?
I know a number of people that only started munging the envelope from
address because of SPF issues.
You may also run into issues with SPF alignment with DMARC if you don't
also modify the From: header.
(I can't tell what domain you are referring to. I don't see SPF / TXT
records for damon-family.org and I don't know if you are referring to
some other domain.)
Again, I can verify the DMARC of the incoming message, but unless I want
to claim authorship by changing the From, I can not send it and have it
pass DMARC.
Which, IMHO, is what DMARC is supposed to be able to enforce.
Only if you consider the mailing list the Author of every message relayed
by it.
I do consider the MLM as being the author / creator / submitter of the
SMTP message.
I view the person that sent the message as being the author / creator /
submitter of the body content in said SMTP message.
The MLM DOES change the Envelope from, it really wants to so it gets the
bounces back so it can process it. That means the outgoing message can
pass SPF as SPF is written. What it doesn’t pass is the modification
to SPF that DMARC specifies that says that the only domain to validate
in the inside From: Header, the Envelope doesn’t count.
Yep, VERP.
So you REALY want to see your view of the mailing list as EVERY message
is ‘From’ Mailman-users, with no indication of who wrote really
wrote the message? Thus you lose the ability to easily block
Not quite.
I would much rather have the human friendly portion of the address
remain what was originally sent.
I.e.
From: Grant Taylor <gtay...@tnetconsulting.net>
Becomes:
From: Grant Taylor via Mailman-Users <mailman-users@python.org>
I would also be interested in something like the following.
From: Grant Taylor gtaylor at tnetconsulting dot net via
Mailman-Users <mailman-users@python.org>
I believe that retains the attribution that I believe you (and many
others) want to retain.
Seeing as how the new outgoing message is completely new, it's perfectly
possible to add something like the following as the first two lines of
the message:
Grant Taylor <gtay...@tnetconsulting.net> wrote the following:
So you don’t think mailing list should do any modifications to the
message, or they need to claim authorship.
"DMARC says that if you get a message from me, it MUST have come
straight from me"
The key being "it MUST have come straight from me".
Thus messages that pass through a mailing list (or forwarded in any way)
fail the "come straight from me" portion.
So you see this thread as the mailing list arguing with itself?
I see this thread as a friendly / academic discussion from many
different mailing list subscribers who send messages to and receive
messages from said mailing list.
Only if the TELL ALL there users that they have effectively should not
use virtually any of the existing mailing lists (except of course for
yahoo users using yahoo groups, as yahoo knows enough to be able to make
those pass)
I disagree.
Should they also be given new message-ids (as they are new messages)
and thus threaded views not work anymore? But DMARC is allowed to damage
the Email system
I am (currently) about 70/30 on if messages from the mailing list should
get new Message-IDs or not.
If all messages pass through and everybody replies to the mailing list
manager, then the new Message-ID from the MLM will work perfectly fine.
Original message:
From: Grant Taylor <gtay...@tnetconsulting.net>
To: Mailman-Users <mailman-users@python.org>
Message-ID: <68fd1dbf-eca3-4924-9531-cbf84d3f3...@tnetconsulting.net>
Message from MLM:
From: Grant Taylor via Mailman-Users <mailman-users@python.org>
To: $Subscriber
Message-ID:
<ad933a76-faaf-41b3-bc36-2b5ac527e...@mailman-users.python.org>
Reply back to MLM:
From: Grant Taylor <gtay...@tnetconsulting.net>
To: Mailman-Users <mailman-users@python.org>
Message-ID: <70ef8f26-dcc2-48e7-a45e-be6fef4ea4fe
@tnetconsulting.net>
References:
<ad933a76-faaf-41b3-bc36-2b5ac527e...@mailman-users.python.org>
The only problem that I see is other people that are explicitly listed
on the To: or CC lines. (I'm ignoring BCCs.)
Allow me to restate:
I believe that ALL messages to / from a /discussion/ mailing list should
go through said mailing list.
--
Grant. . . .
unix || die
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
