Re: [Mailman-Users] cause of bounces
On 10/19/2017 09:14 PM, Grant Taylor via Mailman-Users wrote:
>
> RFC 6377 - DomainKeys Identified Mail (DKIM) and Mailing Lists,
> disagrees with you. (RFC 6377 is also currently known as BCP 167.)

I am too tired at the moment to respond to your posts more completely. I may do so tomorrow. But I suggest that if you are going to quote RFCs that you understand the differences between Best Current Practice and Standards Track categories.

Also, I don't disagree that there are issues between DKIM, DMARC and Mailing Lists that make seamless integration of these impossible without changing long standing norms and expectations for Mailing Lists.

I also think Mailman (both 2.1 and 3) give you tools to do pretty much whatever you want in this vein except for changing the Message-ID: of the original post. Note that one of the biggest reasons for that is if the list copy has a different Message-ID: and some people receive and reply to a list copy and some receive a direct To: or Cc: and reply to that and people use MUAs that produce threaded views based on Message-ID:, References: and In-Reply-To: headers, threading can get pretty messed up.

Finally, I think all we disagree on (as Steve implied in a post a day or two ago) is very arcane, small technical details, and while we may never come to agreement on these, I think we do agree that Mailman can operate in this environment in ways we think are satisfactory.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] cause of bounces
On 10/19/2017 10:14 PM, Grant Taylor via Mailman-Users wrote:
> /The output of a resending MLM is/ *a new message*.
> ...
> *The resending MLM is the author* /of the new message/.

Since the MLM is the author of the new message, I think it would be prudent to use either of the following as the RFC5322.From address:

From: Grant Taylor via Mailman-Users

Or, optionally use the Group syntax to help indicate that a group (read: mailing list) was the source.

From: Mailman-Users:mailman-users@python.org;

I might be inclined to prefix body copy with something like the following:

Message posted to Mailman-Users by: Grant Taylor

--
Grant. . . .
unix || die
Re: [Mailman-Users] cause of bounces
On 10/19/2017 09:15 PM, Mark Sapiro wrote:
> I think that won't happen. The use of p=none subdomains by various entities that publish p=reject for their primary domain is intended for addresses for their own staff to use in communicating via mailing lists and perhaps other channels. If a freemail provider such as Yahoo would be willing to create a lists.yahoo.com domain with p=none for use by their freemail users, that domain would be subject to the same abuses that caused them to publish p=reject in the first place.

Agreed.

Further, end users would either need to make a choice of which sending domain to use, or Yahoo (et al) would need to have a list of domains to send from the list subdomain.

--
Grant. . . .
unix || die
Re: [Mailman-Users] cause of bounces
On 10/19/2017 12:37 AM, Stephen J. Turnbull wrote:
> The IETF has NO position on WHEN this should be done because it's not relevant to interoperability. My personal reasoning with respect to mailing list managers like Mailman which normally pass through all text/plain, and perhaps add some tags to Subject and prefix or suffix the body, is that users (including posters) would be quite annoyed if de-duping didn't work. And those of us who deal with mail in sophisticated ways would be quite upset if the Message-ID we give it doesn't correspond to the Message-ID distributed by the list and in the archive.

I believe RFC 6377 makes it fairly clear if a message is new or not.

TL;DR: If anything other than the SMTP envelope is modified, then the MLM is a resending MLM, which necessitates a new message with a new author and Message-ID.

I can respect your concern about the Message-ID changing, especially with deduplication. However, I counter that the new message from the resending MLM is in fact a different message than the one that the original author sent to the resending MLM.

So, if you were in the To / CC / BCC of the message from the original author, you /should/ receive two copies of the message.

Fortunately nicer MLMs, like Mailman, can detect that a list subscriber was included in the To or CC and act on the subscriber's configured option if they want to receive a copy of the message from the MLM that they received directly.

--
Grant. . . .
unix || die
Re: [Mailman-Users] cause of bounces
On 10/18/2017 11:50 AM, Mark Sapiro wrote:
> This is the crux of our disagreement. The outbound message is still the original author's message, albeit slightly altered by subject prefixing, content filtering and/or other transformations to conform with list policies. I don't agree that it is a completely new message. I think it is still the original message with only technical and formatting changes.

RFC 6377 - DomainKeys Identified Mail (DKIM) and Mailing Lists, disagrees with you. (RFC 6377 is also currently known as BCP 167.)

§ 3.2 calls this out specifically:

   resending: A resending MLM (see Sections 5.2 and 5.3 of [EMAIL-ARCH]) is one that may make changes to a message. The output of such an MLM is considered to be a *new message*; *delivery of the original has been completed* prior to distribution of the reposted message. Such messages are often reformatted, such as with list-specific header fields or other properties, to facilitate discussion among list subscribers.

/The output of a resending MLM is/ *a new message*.

   MLM Output: *MLM* (sending its reconstructed copy of the originating user's message) *is Author*; MLM's ADMD is Originator and Signer; the ADMD of each subscriber of the list is a Verifier; each subscriber is a Receiver.

*The resending MLM is the author* /of the new message/.

   The dissection of the overall MLM operation into these two distinct phases allows the DKIM-specific issues with respect to MLMs to be isolated and handled in a logical way. The main issue is that the repackaging and reposting of a message by an MLM is actually the construction of a completely new message, and as such, the MLM is introducing new content into the email ecosystem, consuming the Author's copy of the message, and creating its own. When considered in this way, the dual role of the MLM and its ADMD becomes clear.

Since we have been talking about modifying more than /just/ the SMTP envelope, we are indeed talking about a resending MLM and not an alias MLM.

--
Grant. . . .
unix || die
Re: [Mailman-Users] cause of bounces
On 10/19/2017 04:07 AM, William Bagwell wrote:
>
> So if enough users of Yahoo and AOL requested something such as
> u...@list.aol.com to not be DMARC p=reject they /might/ listen?

I think that won't happen. The use of p=none subdomains by various entities that publish p=reject for their primary domain is intended for addresses for their own staff to use in communicating via mailing lists and perhaps other channels. If a freemail provider such as Yahoo would be willing to create a lists.yahoo.com domain with p=none for use by their freemail users, that domain would be subject to the same abuses that caused them to publish p=reject in the first place.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Re: [Mailman-Users] cause of bounces
On Thursday 19 October 2017, Stephen J. Turnbull wrote:
> As Mark says, they should use an @sysadmins.irs.gov address or
> something like that, which would have its own p=none policy. Note
> that this has been already standard practice at Yahoo! (!), AOL (!!),
> LinkedIn, and several banks that participate in IETF discussions.
> Since 2013 for Yahoo! and LinkedIn IIRC.

So if enough users of Yahoo and AOL requested something such as u...@list.aol.com to not be DMARC p=reject they /might/ listen?

Only list I help administer the owner simply moderates the few remaining hold outs who can not switch and manually re-posts their messages. Would not have worked back when the list was busy... Think I now understand the correct fix but did not a few years ago when this mess started and that was the solution we came up with.

--
William
Re: [Mailman-Users] cause of bounces
On 2017-10-19 01:36, Stephen J. Turnbull wrote:
> (I don't understand Dimitri's claim about SourceForge ads; all the mail I get from SourceForge is originated there and AFAIK the DKIM validates. If it doesn't, their system is pretty brain-damaged.)

It is, but not DKIM-drain-bramaged. I PGP-sign when sending from my linux PCs and SF injects their ads into the signed part.

hat>Which is part of the reason why they don't want you to sign your messages on the client, before they got their ads in.

> That depends on how much mail you get, how much of it is unwanted, how much you care about the time you spend dealing with unwanted mail, and how much you care about losing wanted mail.

:) How would I know: it got thrown away, I never knew it existed.

Seriously, though, for me gmail is the only one that doesn't deliver wanted mail and sticks it into their "all mail" -- despite the blanket .forward I have in there. On my work MTA I pretend DMARC doesn't exist and I don't spend any more time on spam now than I did in 2007.

Dimitri
Re: [Mailman-Users] cause of bounces
Grant Taylor via Mailman-Users writes:

> IMHO, DMARC is going to eventually become the new norm.

It has been so since late 2015, according to the DMARC Consortium. At that time they claimed that 80% of legitimate email was originated at domains that participate in DMARC reporting protocols.

I don't think p=reject will ever be the norm for freemail providers.

> I also wonder what ARC is going to do to this paradigm.

It may or may not help mailing lists. It depends on whether the spammers successfully jump on it to obfuscate themselves, which they could do, in which case you might end up in the current situation where you need to apply for whitelisting at some of the large providers. On the other hand, the large providers are getting better at identifying responsible lists for themselves, and ARC would definitely make authenticating those lists easier.

Steve

--
Associate Professor              Division of Policy and Planning Science
http://turnbull/sk.tsukuba.ac.jp/     Faculty of Systems and Information
Email: turnb...@sk.tsukuba.ac.jp                   University of Tsukuba
Tel: 029-853-5175                 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
Re: [Mailman-Users] cause of bounces
Dimitri Maziuk writes:

> That does not contradict what I said. Low specificity means low
> probability of detection of "bad stuff". I.e. it doesn't mean much that
> most of it passes.

That may be true for you, but for most of us having most of our mail have a valid DKIM signature, plus a DMARC PASS, means that most of our mail is authentic. I care a *lot* about having my filters throw away, or even quarantine, mail from a known correspondent using a known address. This almost never happens any more.

> Ohkay, so what exactly am I the end user is supposed to need it
> for?

That depends on how much mail you get, how much of it is unwanted, how much you care about the time you spend dealing with unwanted mail, and how much you care about losing wanted mail.

Steve
Re: [Mailman-Users] cause of bounces
Mark Sapiro writes:

> I don't agree that it is a completely new message. I think it is
> still the original message with only technical and formatting
> changes.

The IETF's position is that this decision is up to the forwarding agent. If they change the Message-ID, that means they consider it a new message, and are taking authorship (perhaps with substantial quoting, but it's quoting, not forwarding). If they don't, it's not new, and From MUST contain the address placed there by the original author. (That's an RFC-2119 "must". This is why Mark is correct to say that Munge From is non-conforming.)

The IETF has NO position on WHEN this should be done because it's not relevant to interoperability. My personal reasoning with respect to mailing list managers like Mailman which normally pass through all text/plain, and perhaps add some tags to Subject and prefix or suffix the body, is that users (including posters) would be quite annoyed if de-duping didn't work. And those of us who deal with mail in sophisticated ways would be quite upset if the Message-ID we give it doesn't correspond to the Message-ID distributed by the list and in the archive.

> However, if you are just sending the body of the original message From:
> the list, according to RFC 5322 et al, you are saying the list is the
> author of that message body. This is not true and is why I say the
> message is not compliant with RFC 5322 et al.

This isn't quite accurate. We do make an effort to identify the author, so I wouldn't say we're "claiming authorship". The problems are that we make it impossible to identify the author by the usual methods (filtering on email address), and it's ugly, especially for folks with MUAs that display only the display name (and of course we had a lot of people rather confused by this through most of 2014!)

Steve

--
Associate Professor              Division of Policy and Planning Science
http://turnbull/sk.tsukuba.ac.jp/     Faculty of Systems and Information
Email: turnb...@sk.tsukuba.ac.jp                   University of Tsukuba
Tel: 029-853-5175                 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
Re: [Mailman-Users] cause of bounces
Grant Taylor via Mailman-Users writes:

> I use DKIM validity as a signal that I then make decisions based on. -
> Hence why I have chosen to alter spam score on my mail server based on
> the DKIM result.

You can do that. But call it what it is: a deliberate decision NOT to conform to a standards-track RFC.

The fact of the matter is that the spammers are laughing at you. THEY have perfectly valid DKIM signatures, or if they're going to try a replay attack, they remove the DKIM signature they're about to break. Broken DKIM signatures principally mean somebody added a footer to the body, a DMARC mitigation in From, or a tag to the Subject. So this rule primarily targets perfectly legitimate mail posted to mailing lists.

(I don't understand Dimitri's claim about SourceForge ads; all the mail I get from SourceForge is originated there and AFAIK the DKIM validates. If it doesn't, their system is pretty brain-damaged.)

Steve

--
Associate Professor              Division of Policy and Planning Science
http://turnbull/sk.tsukuba.ac.jp/     Faculty of Systems and Information
Email: turnb...@sk.tsukuba.ac.jp                   University of Tsukuba
Tel: 029-853-5175                 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
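
Added example, not part of the thread and not Mailman's or any poster's code: the last message's point that broken DKIM signatures mostly mean a list footer, a Subject tag or a From rewrite can be checked by canonicalizing a message before and after list processing (RFC 6376 "relaxed" rules). The sample messages, the addresses and the `signed` header list standing in for the signature's h= tag are constructed assumptions.

```python
import base64
import hashlib
import re
from email import message_from_string


def relaxed_body(body):
    """RFC 6376 sec. 3.4.4: collapse WSP runs, strip trailing WSP and empty lines."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in re.split(r"\r?\n", body)]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(ln + "\r\n" for ln in lines).encode()


def body_hash(body):
    """Value a signer would put in bh= (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def relaxed_header(name, value):
    """RFC 6376 sec. 3.4.2: lowercase name, unfold, collapse and trim WSP."""
    value = re.sub(r"[ \t]+", " ", re.sub(r"\r?\n", "", value)).strip(" ")
    return f"{name.lower()}:{value}"


def what_breaks(original, resent, signed=("from", "subject", "message-id")):
    """List the signed parts of `original` that differ in `resent` (h= list assumed)."""
    a, b = message_from_string(original), message_from_string(resent)
    broken = [h for h in signed
              if relaxed_header(h, a.get(h, "")) != relaxed_header(h, b.get(h, ""))]
    if body_hash(a.get_payload()) != body_hash(b.get_payload()):
        broken.append("body")
    return broken


# Constructed sample messages (not taken from the thread).
ORIGINAL = (
    "From: Alice Example <alice@example.com>\n"
    "Subject: cause of bounces\n"
    "Message-ID: <1@example.com>\n"
    "\n"
    "Hello list.\n"
)
FOOTER = "-- \nExample-List mailing list\n"
# Subject tag plus footer, From: left alone.
TAGGED = ORIGINAL.replace("Subject: ", "Subject: [Example-List] ") + FOOTER
# Same, with From: rewritten to the list as a DMARC mitigation.
MUNGED = TAGGED.replace("Alice Example <alice@example.com>",
                        "Alice Example via Example-List <example-list@lists.example.org>")

if __name__ == "__main__":
    for label, msg in (("unmodified", ORIGINAL), ("tagged", TAGGED), ("munged", MUNGED)):
        print(label, what_breaks(ORIGINAL, msg))
```

The Message-ID never appears in the result because neither list variant changes it, which matches the behaviour described for Mailman earlier in the thread.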