Re: [PHP-DEV] Re: Improving Mailing-List interactions - was: [PHP-DEV] Moving PHP internals to GitHub
On 13.04.23 10:50, Tim Düsterhus wrote: Hi On 4/13/23 10:46, Andreas Heigl wrote: DMARC is less of a concern, because the list apparently already performs DMARC mangling for a policy that is not 'none' Apart from (possibly) modifying the body and the subject line which then breaks the DKIM signature which then breaks DMARC ;-) I understand how DKIM and DMARC works. For users with a DMARC policy of quarantine or reject the list manager already performs DMARC mangling: The 'From' header is changed from the original 'From' header and instead the list address is put there. Now the DMARC policy of the original sender no longer applies and instead the DMARC policy of the list is used (which does not exist). You can see happening with the email from "Mikhail Galanin via internals" that was sent roughly 10 minute ago. Then we should probably change that so that emails from a domain with DMARC set to 'none' are also not changed. As that just means that DMARC is enabled, the receiving mailserver should just not quarantine or reject the message but instead inform the sender about the problem. With the current settings the sender receives issues and the clients also report that the DKIM signature is invalid. Cheers Andreas -- ,,, (o o) +-ooO-(_)-Ooo-+ | Andreas Heigl | | mailto:andr...@heigl.org N 50°22'59.5" E 08°23'58" | | https://andreas.heigl.org | +-+ | https://hei.gl/appointmentwithandreas | +-+ | GPG-Key: https://hei.gl/keyandreasheiglorg | +-+ OpenPGP_signature Description: OpenPGP digital signature
Re: [PHP-DEV] Re: Improving Mailing-List interactions - was: [PHP-DEV] Moving PHP internals to GitHub
Hi On 4/13/23 10:46, Andreas Heigl wrote: DMARC is less of a concern, because the list apparently already performs DMARC mangling for a policy that is not 'none' Apart from (possibly) modifying the body and the subject line which then breaks the DKIM signature which then breaks DMARC ;-) I understand how DKIM and DMARC works. For users with a DMARC policy of quarantine or reject the list manager already performs DMARC mangling: The 'From' header is changed from the original 'From' header and instead the list address is put there. Now the DMARC policy of the original sender no longer applies and instead the DMARC policy of the list is used (which does not exist). You can see happening with the email from "Mikhail Galanin via internals" that was sent roughly 10 minute ago. Best regards Tim Dsüterhus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] Re: Improving Mailing-List interactions - was: [PHP-DEV] Moving PHP internals to GitHub
Hey On 13.04.23 10:38, Tim Düsterhus wrote: Hi On 4/13/23 10:29, Andreas Heigl wrote: 1. Remove modification of the emails on the lists server so that DKIM and DMARC will finally work Yes, please, but for different reasons: Filtering is much more reliably performed using the 'list-id' header compared to a Subject prefix and not having the prefix in the Subject makes the INBOX more tidy when also having the [RFC] or [VOTE] prefixes. Also clients apparently can't decide whether to put the 'Re' before or after the prefix. DMARC is less of a concern, because the list apparently already performs DMARC mangling for a policy that is not 'none' Apart from (possibly) modifying the body and the subject line which then breaks the DKIM signature which then breaks DMARC ;-) Cheers Andreas -- ,,, (o o) +-ooO-(_)-Ooo-+ | Andreas Heigl | | mailto:andr...@heigl.org N 50°22'59.5" E 08°23'58" | | https://andreas.heigl.org | +-+ | https://hei.gl/appointmentwithandreas | +-+ | GPG-Key: https://hei.gl/keyandreasheiglorg | +-+ OpenPGP_signature Description: OpenPGP digital signature
[PHP-DEV] Re: Improving Mailing-List interactions - was: [PHP-DEV] Moving PHP internals to GitHub
Hi On 4/13/23 10:29, Andreas Heigl wrote: 1. Remove modification of the emails on the lists server so that DKIM and DMARC will finally work Yes, please, but for different reasons: Filtering is much more reliably performed using the 'list-id' header compared to a Subject prefix and not having the prefix in the Subject makes the INBOX more tidy when also having the [RFC] or [VOTE] prefixes. Also clients apparently can't decide whether to put the 'Re' before or after the prefix. DMARC is less of a concern, because the list apparently already performs DMARC mangling for a policy that is not 'none' Best regards Tim Düsterhus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php