Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-13 Thread Stephen J. Turnbull 
Mark Sapiro writes:
 > On 05/12/2014 01:25 AM, Stephen J. Turnbull wrote:
 > > 
 > > How about multipart/alternative:
 > > 
 > > message header
 > > multipart/alternative
 > > 
 > > part header
 > > message/rfc822# original message in all its glory
 > > 
 > > part header
 > > 
 > 
 > 
 > Interesting idea, but I think the part order is reversed. The simplest,
 > most universally readable part is supposed to be first with parts of
 > increasing complexity coming later.

That's precisely the point.  Most MUAs choose to display the *last*
form that they understand, but there's no guarantee that they'll
understand earlier ones, so they should (but see below) keep trying.

As Bugs Bunny says, "Eh-he-he-eh, ain' I a stinka?!" ;-)

 > > Then amend the existing MIME RFCs to say that MUAs SHOULD (MAY?)
 > > simply display the original message in some appropriate way.  No?
 > 
 > I really wonder if that would help. Section 5.2 of RFC 2046 [...].
 > While this doesn't explicitly say MUAs SHOULD or MAY simply display the
 > original message in some appropriate way, it certainly conveys that
 > sentiment to me, yet here we are over 17 years later with apparently
 > some mainstream MUAs that don't do that.

I know, but what can we do?  There are very few of us who could get
away with telling our subscribers, "well, then, get a *real* MUA!!",
and even fewer who can do that, and want to.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-12 Thread Mark Sapiro 
On 05/12/2014 01:25 AM, Stephen J. Turnbull wrote:
> 
> How about multipart/alternative:
> 
> message header
> multipart/alternative
> 
> part header
> message/rfc822# original message in all its glory
> 
> part header
> 


Interesting idea, but I think the part order is reversed. The simplest,
most universally readable part is supposed to be first with parts of
increasing complexity coming later.


>  > Perhaps a new Content-Type such as message/wrapped
> 
> AFAICS this is completely unnecessary?
> 
> message header
> Content-Type: message/rfc822
> 
> original message header
> original message body# or cooked if you prefer


Which is essentially what the Wrap Message action does now.


> Then amend the existing MIME RFCs to say that MUAs SHOULD (MAY?)
> simply display the original message in some appropriate way.  No?


I really wonder if that would help. Section 5.2 of RFC 2046 doesn't say
exactly that, but it does contain this note:

   NOTE:  It has been suggested that subtypes of "message" might be
   defined for forwarded or rejected messages.  However, forwarded and
   rejected messages can be handled as multipart messages in which the
   first part contains any control or descriptive information, and a
   second part, of type "message/rfc822", is the forwarded or rejected
   message.  Composing rejection and forwarding messages in this manner
   will preserve the type information on the original message and allow
   it to be correctly presented to the recipient, and hence is strongly
   encouraged.

A couple of things are significant in that. It basically agrees with
Stephen that message/wrapped is unnecessary, but it also says the
message/rfc822 type "will preserve the type information on the original
message and allow it to be correctly presented to the recipient".

While this doesn't explicitly say MUAs SHOULD or MAY simply display the
original message in some appropriate way, it certainly conveys that
sentiment to me, yet here we are over 17 years later with apparently
some mainstream MUAs that don't do that.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread Mark Sapiro 
On 05/09/2014 07:27 PM, Richard Damon wrote:

> But the wrapped message could pass the DMARC DKIM signature check, if it
> will exactly matchs the message that came from Yahoo/AOL. (which the
> phish won't). This says that the List Headers, modified subject, list
> headers and footers should be added to the wrapping message, not the
> wrapped message, which also says that the MUA shouldn't throw this away,
> but combine these with the original message (but in a way that makes it
> clear which is which).


Just for the record, this is how the Wrap Message action is implemented
in Mailman. I.e. all the stuff Richard mentions is done to the outer
message, not to the message/rfc822 part that is the original message.
The one exception that will break DKIM is content filtering which by
necessity is applied to the original message before it's wrapped. This
is a big one, because I suspect almost all messages from Yahoo users are
multipart/alternative to begin with (and has anyone else noticed what a
horrible job Yahoo does in making the text/plain alternative, but I
digress ...), and many lists collapse alternatives so the DKIM sig will
be broken.

That notwithstanding, as Stephen and others have mentioned, the MUAs to
deal with this are not here and are unlikely to be here anytime soon.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread Stephen J. Turnbull 
Richard Damon writes:
 > On 5/9/14, 10:13 PM, John Levine wrote:

 > > The correct response is either for senders to stop publishing DMARC
 > > policies that don't match the way their users use mail (fat chance),
 > > or for recipient systems to skip the DMARC checks on mail from sources
 > > that are known to send mail that recipients want but that doesn't
 > > match DMARC's narrow authentication model, e.g., mailing lists and the
 > > Wall Street Journal's mail-an-article button.

GMail is already doing this, although we don't know the algorithm
precisely.  If GMail continues and others join, ostracism of providers
who continue to use inflexible bouncing policies instead of smart
filters becomes more plausible.

I know that's not satisfactory for people whose lists are populated by
AOL and Yahoo users, but I don't know what to say to them.  Their
users are DoS'ing their mailing lists with their addresses, even if
they don't know it.

 > But the wrapped message could pass the DMARC DKIM signature check, if it
 > will exactly matchs the message that came from Yahoo/AOL. (which the
 > phish won't). This says that the List Headers, modified subject, list
 > headers and footers should be added to the wrapping message, not the
 > wrapped message, which also says that the MUA shouldn't throw this away,
 > but combine these with the original message (but in a way that makes it
 > clear which is which).

Sure (and that is what I intended when I suggested wrapping in the
first place), but (a) MUAs don't support DMARC yet, and all the signs
say that the yahoos will deliberately delay implementing MUAs that do,
and (b) many MUAs don't support wrapped messages well at all.

As John put it,

 >> Failing that, all we have left is hacks, none of which are
 >> satisfactory.

We'll see how the on-going talks at the IETF go.  Some results should
be forthcoming "shortly" (that's hearsay, and I can't say any more
because that's exactly what I was told by a source close to the center
of the process).

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread Stephen J. Turnbull 
Lindsay Haisley writes:

 > A nice fix, albeit probably total pie-in-the-sky, would be the
 > establishment of a MIME Content-Type: multipart/list-post, a variation
 > on (or extension of) mulpart/mixed.  MUAs SHOULD (in the RFC 2119 sense)
 > effectively hide the outermost enclosing MIME envelope with this
 > Content-Type and present the contents according to rules that would
 > apply were the enclosing MIME envelope not there.  As far as the mail
 > system is concerned, the headers on the envelope are the effective ones.
 > As far as the MUA is concerned, for presentation purposes, the envelope
 > content is what counts.

The problem is that the DMARC people don't give a damn about the mail
system (and the PHBs behind the actions at Yahoo and AOL could care
less in both senses, apparently).  They're entirely concerned with
presentation.

And the technicians who designed DMARC are *right* to be concerned
about presentation, because it is presentation that the crooks use to
hook their prey.  In other words, if we come up with a way to present
mail that doesn't bear their signature[1] "as if" it came straight
from one of their domains, that can be abused by the crooks.

When (not if!) that abuse happens, the forces behind DMARC will come
back and say "O no!  You can't do THAT!"  And they (the PHBs,
I mean) will break the system again ... and again ... and again.

So, unfortunately, I think there is *no* fix based on presentation.
The only real fix is users who are sophisticated enough to avoid
spammers, which can't be perfect (some people just aren't, and
everybody slips occasionally), but can certainly be enhanced by better
filters.

Well, there's that other fix, the one that involves lists as we love
them joining the dinosaurs. :-(

All-hail-Dave-Hayes-and-the-AI-newsreader!-ly y'rs,



Footnotes: 
[1]  Any list that isn't a pure address exploder will be unable to
maintain the signature.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread Richard Damon 
On 5/9/14, 10:13 PM, John Levine wrote:
>> Arguably, the correct response to DMARC filtering _should_ be the MIME
>> encapsulation of list mail, with appropriate RFC 2369 headers added to
>> the enclosing MIME structure leaving the content un-munged, with all
>> information from the original poster intact.  Arguably, MUAs should be
>> transparent to this.  Arguably, this would have been the best design for
>> the operation of mailing lists in email-space from the git-go.
> Unfortunately, this argument falls over when you note that spammers
> and phishers can encapsulate their paypal.com phishes and add list
> headers, too.  
>
> The correct response is either for senders to stop publishing DMARC
> policies that don't match the way their users use mail (fat chance),
> or for recipient systems to skip the DMARC checks on mail from sources
> that are known to send mail that recipients want but that doesn't
> match DMARC's narrow authentication model, e.g., mailing lists and the
> Wall Street Journal's mail-an-article button.
>
> Failing that, all we have left is hacks, none of which are satisfactory.
>
> R's,
> John
>
But the wrapped message could pass the DMARC DKIM signature check, if it
will exactly matchs the message that came from Yahoo/AOL. (which the
phish won't). This says that the List Headers, modified subject, list
headers and footers should be added to the wrapping message, not the
wrapped message, which also says that the MUA shouldn't throw this away,
but combine these with the original message (but in a way that makes it
clear which is which).

-- 
Richard Damon

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread John Levine 
>Arguably, the correct response to DMARC filtering _should_ be the MIME
>encapsulation of list mail, with appropriate RFC 2369 headers added to
>the enclosing MIME structure leaving the content un-munged, with all
>information from the original poster intact.  Arguably, MUAs should be
>transparent to this.  Arguably, this would have been the best design for
>the operation of mailing lists in email-space from the git-go.

Unfortunately, this argument falls over when you note that spammers
and phishers can encapsulate their paypal.com phishes and add list
headers, too.  

The correct response is either for senders to stop publishing DMARC
policies that don't match the way their users use mail (fat chance),
or for recipient systems to skip the DMARC checks on mail from sources
that are known to send mail that recipients want but that doesn't
match DMARC's narrow authentication model, e.g., mailing lists and the
Wall Street Journal's mail-an-article button.

Failing that, all we have left is hacks, none of which are satisfactory.

R's,
John

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread Lindsay Haisley 
On Sat, 2014-05-10 at 04:01 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
> 
>  > What goes into an address comment is, or should be, purely
>  > informational on a human level, and ignored on a computational
>  > level.
> 
> Unfortunately, we can't depend on that:

The operational term is "or should be" :/

> DMARC draft, sec. 15.2.  This is discussion of matters outside the
> scope of DMARC itself, not a normative specification, and the document
> itself says there are legitimate uses of email addresses in display
> names (or comments).  But that hasn't stopped the spam-fighters in the
> past; it may not stop them this time.  AFAICS, putting an address from
> a DMARC domain anywhere in the mail leaves you subject to a possible
> DMARC reject unless you satisfy "from alignment" for that domain
> exactly as specified in DMARC.
> 
> That's not implemented by anyone now, and may never be.  And
> obfuscating the address as in the OP may help, but for my previous
> work address that would be
> 
> stephen dot turnbull dot 1 at econ dot ohio-state dot edu
> 
> which is 57 characters.  You pays your money and you takes your
> choice, I guess.

DMARC is ugly, as AOL and Yahoo are using it.  From: header munging is
ugly.  Ugly begets ugly when agreements start to break down.  All we can
do is ride with it and hope that smart people with cool heads and a
sense of the real value of a smoothly working Internet to the larger
community will ultimately prevail.  I'm not overly optimistic at this
point.  AFAICS, this just another aspect of the general abandonment of
net neutrality, one which has come in under the radar of the nightly
news.

A nice fix, albeit probably total pie-in-the-sky, would be the
establishment of a MIME Content-Type: multipart/list-post, a variation
on (or extension of) mulpart/mixed.  MUAs SHOULD (in the RFC 2119 sense)
effectively hide the outermost enclosing MIME envelope with this
Content-Type and present the contents according to rules that would
apply were the enclosing MIME envelope not there.  As far as the mail
system is concerned, the headers on the envelope are the effective ones.
As far as the MUA is concerned, for presentation purposes, the envelope
content is what counts.

-- 
Lindsay Haisley   | "Everything works if you let it"
FMP Computer Services |
512-259-1190  | - The Roadie
http://www.fmp.com|


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread Stephen J. Turnbull 
Lindsay Haisley writes:

 > What goes into an address comment is, or should be, purely
 > informational on a human level, and ignored on a computational
 > level.

Unfortunately, we can't depend on that:

   There are a few possible mechanisms that attempt mitigation of
   [display name] attacks, such as:

   o  If the display name is found to include an email address (as
  specified in [MAIL]), execute the DMARC mechanism on the domain
  name found there rather than the domain name discovered
  originally.

DMARC draft, sec. 15.2.  This is discussion of matters outside the
scope of DMARC itself, not a normative specification, and the document
itself says there are legitimate uses of email addresses in display
names (or comments).  But that hasn't stopped the spam-fighters in the
past; it may not stop them this time.  AFAICS, putting an address from
a DMARC domain anywhere in the mail leaves you subject to a possible
DMARC reject unless you satisfy "from alignment" for that domain
exactly as specified in DMARC.

That's not implemented by anyone now, and may never be.  And
obfuscating the address as in the OP may help, but for my previous
work address that would be

stephen dot turnbull dot 1 at econ dot ohio-state dot edu

which is 57 characters.  You pays your money and you takes your
choice, I guess.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-09 Thread Lindsay Haisley 
On Thu, 2014-05-08 at 15:42 -0400, Glenn Sieb wrote:
> If I felt what my users were asking for was unreasonable, I wouldn't
> have bothered to bring it here. They'd *like* to see who's posting so if
> they *choose* to reply privately they can. In the past, this was easy
> enough. The From: line was there with the OP's email address. Now, as
> far as I can tell, depending on the MUA the *poster* uses, there *might*
> be two Reply-Tos--one with the OP email, one with the list address. But
> that's not reliable, as it doesn't happen for ALL posters.
> 
> Hell, even a munged From: like:
> 
> "ges+lists at wingfoot dot org via Mailman-Users
> "
> 
> would be a vast improvement over:
> 
> "ges+lists--- via Mailman-Users "

I'm not as knowledgeable as Stephen or Mark, but I've been working with
Internet email since the early 90s or so and have read the founding
RFCs.  One of the principles underlying the design of the Internet email
system is that information should never be intentionally abandoned.
Nothing gets dumped into the cosmic bit bucket, neither header
information nor content, and NDRs and DSNs keep the sender appraised of
problems with delivery.  This has been a strong argument against munging
of Reply-To headers going back quite a few years.  Information may be
_added_ by a component in the delivery chain (and generally is) but not
deleted.

Arguably, the correct response to DMARC filtering _should_ be the MIME
encapsulation of list mail, with appropriate RFC 2369 headers added to
the enclosing MIME structure leaving the content un-munged, with all
information from the original poster intact.  Arguably, MUAs should be
transparent to this.  Arguably, this would have been the best design for
the operation of mailing lists in email-space from the git-go.

We're stuck in the Real World, however, where Apple and probably other
MUA authors and designers have cut corners in design and we're forced
into a corner where information loss of some sort is imposed on us.
From: header munging is decidedly ugly!  It's perhaps the least ugly
solution that still works reliably to deliver content to _everyone_ even
though the information loss limits choice on the receiving end.

Your suggested partial solution ("ges+lists at wingfoot dot org via
Mailman-Users ...") is also ugly, but given the situation we're in at
this point, IMHO it has merit and should be worth some consideration in
the design of Mailman.  What goes into an address comment is, or should
be, purely informational on a human level, and ignored on a
computational level.  Whether or not it would would confuse people is
another matter.  It ain't the kinder, gentler Internet I jumped into
back in 1994!

-- 
Lindsay Haisley   | "Everything works if you let it"
FMP Computer Services |
512-259-1190  | - The Roadie
http://www.fmp.com|



--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-08 Thread Stephen J. Turnbull 
Glenn Sieb writes:

 > Then please work on your phrasing.

That times time and effort, which I will start saving right now.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-08 Thread Mark Sapiro 
On 05/08/2014 12:42 PM, Glenn Sieb wrote:
> 
> In the past, this was easy
> enough. The From: line was there with the OP's email address. Now, as
> far as I can tell, depending on the MUA the *poster* uses, there *might*
> be two Reply-Tos--one with the OP email, one with the list address. But
> that's not reliable, as it doesn't happen for ALL posters.


There will only be one Reply-To: header in outgoing mail from Mailman
per RFC 822/2822/5322.

With the DMARC mitigations, at least as of 2.1.18, this Reply-To: will
always contain the posters original From: address. Depending on the
first_strip_reply_to and reply_goes_to_list settings of the list and
whether or not there was a Reply-To: in the incoming mail, it may
contain other addresses too. It will never contain duplicate addresses.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-08 Thread Glenn Sieb 
It is not necessary to cc: me. I get list emails. Emails can go to the
list, unless you wish to take something private. Thank you.

On 5/7/14, 10:36 PM, Stephen J. Turnbull wrote:
> If you just want to vent, please say so.  I thought you were asking
> for help.

Then please work on your phrasing. You sounded very judgmental. "Are
you...*snip*...punishing them with a black hole" "They can always BCC
and you'll never know!"

They apparently set the max_num_recipients to 2 to help prevent spam
from making it onto the lists, as SA is fine and all, but is generally
crap for catching short URI spam.

And, again, what rules my list owners choose to have on their lists is
not my business, but frankly, I see nothing *wrong* with this, and it
makes a metric f*ckton of sense to me given the number of AOL and Yahoo
subscribers on some of the lists. Which makes this whole DMARC stuff
such an effing joke.

> If you want help, then the questions I asked are essential to doing a
> good job for your list owners.  There are two reasons for that.

If I felt what my users were asking for was unreasonable, I wouldn't
have bothered to bring it here. They'd *like* to see who's posting so if
they *choose* to reply privately they can. In the past, this was easy
enough. The From: line was there with the OP's email address. Now, as
far as I can tell, depending on the MUA the *poster* uses, there *might*
be two Reply-Tos--one with the OP email, one with the list address. But
that's not reliable, as it doesn't happen for ALL posters.

Hell, even a munged From: like:

"ges+lists at wingfoot dot org via Mailman-Users "

would be a vast improvement over:

"ges+lists--- via Mailman-Users "


Best,
--Glenn

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-08 Thread Jim Popovitch 
On Thu, May 8, 2014 at 11:44 AM, Stephen J. Turnbull  wrote:
> Joseph Brennan writes:
>  >
>  > "Stephen J. Turnbull"  wrote:
>  >
>  > >  > Honestly, they (one of the principal DMARC spec authors works for
>  > >  > Yahoo) ignored their own advice, imagine how well that would go
>  > >  > over in some other industries.
>
> I didn't write that, and I dissent from the implied sentiment.

I wrote it, and I have no idea why you need to sound like a lawyer
just to tell someone you didn't write something.  :-)   Or at least
you could have just said "Jim wrote that, not me"  :-)

-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-08 Thread Stephen J. Turnbull 
Joseph Brennan writes:
 > 
 > "Stephen J. Turnbull"  wrote:
 > 
 > >  > Honestly, they (one of the principal DMARC spec authors works for
 > >  > Yahoo) ignored their own advice, imagine how well that would go
 > >  > over in some other industries.

I didn't write that, and I dissent from the implied sentiment.

Cheers

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-08 Thread Joseph Brennan 


"Stephen J. Turnbull"  wrote:


 > Honestly, they (one of the principal DMARC spec authors works for
 > Yahoo) ignored their own advice, imagine how well that would go
 > over in some other industries.


Let's not overlook Agari, which has a financial stake in offering a 
solution to the problem they helped create. Notice how many dmarc domains 
direct the reports to agari, from which, for a fee, they will get nice 
reports and metrics for their CIO to show around, reports that will show 
how many times their domain was "faked". Agari has an interest in making 
those numbers big, and mailing lists help them do it. The Agari web page 
boasts how many users they "protect", and it features the kind of slick 
writing that impresses people who don't know nuts and bolts.


One of the great failings on Yahoo's part was introducing a Change without 
notice to those affected, not even their own customers (to my knowledge). 
Even sloppy business owners should know not to do that.


Agari introduced "Agari PRO" April 1. Dmarc was pulled from standards track 
April 2. Yahoo implemented dmarc April 4. What was the rush?




Let's have some perspective: nobody died this time.


So true. In 100 years who will know the difference.


Joseph Brennan
Manager, Email and Systems Applications
Columbia University Information Technology




--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-07 Thread Stephen J. Turnbull 
Jim Popovitch writes:
 > On Wed, May 7, 2014 at 6:47 PM, Mark Sapiro  wrote:
 > > We are trying to talk with DMARC proponents,
 > 
 > You won't be successful until those people themselves figure out what
 > they are doing

That's true, but those folks (or, more accurately, their bosses) have
their shorts in a knot over the recent attacks.  I don't have a lot of
sympathy for the corporations which have a long history of half-baked
implementations, but our best bet is to help them figure it out.

 > (and then they agree to quit using the Internet as a testbed)  :-)

But there is no other.  I can't really blame them for eventually going
live, I just wish they tried harder to work and play well with others.

 > Honestly, they (one of the principal DMARC spec authors works for
 > Yahoo) ignored their own advice, imagine how well that would go
 > over in some other industries.

Happens all the time.  Ford Pinto gas tanks, space shuttle O-rings,
the list goes on.  Let's have some perspective: nobody died this time.
And I doubt the principal authors ignored their own advice; some PHB
did it.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-07 Thread Stephen J. Turnbull 
Glenn Sieb writes:

 > What my list owners want out of my lists, and what rules they
 > decide on for their lists, is not my business. By extension, it is
 > not yours.

If you just want to vent, please say so.  I thought you were asking
for help.

If you want help, then the questions I asked are essential to doing a
good job for your list owners.  There are two reasons for that.

(1) Users often request a feature that they believe accomplishes a
certain goal, but it does not.  All too often implementing that
feature does not satisfy their need, with attendant frustration
all around.  Letting the developer design the feature to achieve
the goal often (although not always) does a better job of
satisfying needs.

(2) Often either the current implementation of the program or the
nature of the world means that not all needs can be satisfied, and
a compromise must be suggested.  Knowing the goals (reasons why)
can help the designer suggest a better (accomplishes more goals
more fully) or more palatable (emphasizes more important goals)
compromise.

See my dialog with Peter Shute for an example of how such design can
succeed.  It's rare that we get 95%[1] success that way because of (2),
but my lack of understanding of his lists' requirements displayed at
the start is the usual case.

 > I'm just trying to see if there are better options out there.

And I'm just trying to understand what "better" means to you and your
list owners and subscribers.


Footnotes: 
[1]  Not yet 100% success because of the increased resource
requirement, which can be a blocker.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-07 Thread Jim Popovitch 
On Wed, May 7, 2014 at 6:47 PM, Mark Sapiro  wrote:
> We are trying to talk with DMARC proponents,

You won't be successful until those people themselves figure out what
they are doing (and then they agree to quit using the Internet as a
testbed)  :-)   Honestly, they (one of the principal DMARC spec
authors works for Yahoo) ignored their own advice, imagine how well
that would go over in some other industries.

-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-07 Thread Mark Sapiro 
On 05/07/2014 12:45 PM, Glenn Sieb wrote:
> 
> It's ridiculous. And I want to know why, exactly, Yahoo Groups isn't
> being affected by this. They're not doing the "via YahooGroup" bit, or
> wrapping their mails. :-\ I'm betting they're not even honoring the
> DMARC from other providers.


Yahoo groups doesn't have problems with mail From: yahoo.com because
they send the mail with envelope from ...@returns.groups.yahoo.com which
passes SPF and aligns with the domain in From:, but the interesting
question is what do they do with a post From: aol.com. I haven't had
time to test that yet.

Note that google groups does the same From: munging that Mailman does,
and only for From: domains that publish DMARC p=reject.


> *sigh* I hate this frustration.


So do we all. The Mailman development community resents as much as
anyone being forced into this "here's what *we're* doing, now *you* have
to figure out how to deal with it" bind, but that's where we are. We are
trying to talk with DMARC proponents, and we're trying to figure out how
to mitigate the effects with the least possible disruption to users and
to long term, established standards and practices.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-07 Thread Glenn Sieb 
On 5/7/14, 12:08 AM, Stephen J. Turnbull wrote:
> What is the intent of the restriction?  Are you trying to get the
> users to use "reply to author" by punishing them with a black hole if
> they don't, and then set Reply-To to list-post so that nobody ever
> gets a personal reply?  Or is this intended to prevent people from
> including 3rd parties in the OP (of course, you can't -- they can
> always BCC and you'll never know)?

What my list owners want out of my lists, and what rules they decide on
for their lists, is not my business. By extension, it is not yours. I
provide them email lists, they ask for things that seem reasonable to
me. When those things suddenly are yanked away, they complain, and I'm
left holding the bag of trying to answer "why."

Your attempt to "explain away" the request by making it sound like some
kind of absurd policy is disingenuous at best.

> I suppose your users would get upset if you used
> dmarc_moderation_action = 'Wrap Message' instead of whichever_option =
> 'Mung From'?

Some use mobile devices. So there's the answer to that question.

> Given Mark's reply, probably you'll need use a custom Handler,
> whatever the requirements.  Is that acceptable (ie, you have the
> necessary accesses)?  N.B. It's possible to restrict use of Handlers
> to particular lists by giving them list-specific pipelines.

I'm just trying to see if there are better options out there. This DMARC
stuff is ridiculous. The providers aren't being blamed for this, we (the
mailing-list providers) are. Doesn't help that the users on services
responsible for the DMARC p=reject stuff aren't getting the bounces,
it's other people whose ISPs are respecting it who are, and they're the
ones who get bounced off of lists because it's *their* bounce score that
gets increased.

It's ridiculous. And I want to know why, exactly, Yahoo Groups isn't
being affected by this. They're not doing the "via YahooGroup" bit, or
wrapping their mails. :-\ I'm betting they're not even honoring the
DMARC from other providers.

*sigh* I hate this frustration.

Best,
--Glenn
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Barry Warsaw 
On May 06, 2014, at 05:17 PM, Glenn Sieb wrote:

>Fair enough. So, basically I'm fsck'd. Set the lists to be
>"anonymous_list" or set an explicit reply-to to be the lists and hope
>that strips out the extraneous reply-to entry.

Yes, and sadly it's forced on us by external policies.

I must admit that I'm sympathetic to John Levine's solution over in
mailman-developers.  His implementation adds `.invalid` to the domain in the
From header.  Yes it breaks the standards and you'd still have to explicitly
modify the headers in the reply (the ease of which depends on your MUA), but
it avoids tricky interactions with the already fragile and overloaded Reply-To
header munging, and points the finger in the direction of the original problem.

I need to read that whole thread and think about it some more.  It's painfully
clear that DMARC as defined and implemented today is poison to mailing lists,
and it's a shame that you, our dear users, are the canaries.  I hope we can
have some constructive discussions with the DMARC advocates about how to
restore usability to mailing lists in a DMARC pervasive world.

Cheers,
-Barry


signature.asc
Description: PGP signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Mark Sapiro 
On 05/06/2014 02:52 PM, Russell Clemings wrote:
> Is the existing change (making sure the poster's address is in the
> reply-to) available in a patch? I checked launchpad but if it's there I
> couldn't find it. I'd like to see if I can apply it to 2.1.17 while
> waiting for cPanel to upgrade to 2.1.18.


The actual change is the CookHeaders.py diff at
,
but there are other changes in CookHeaders.py and other modules since
2.1.17 that impact this as well so you can't just apply that patch. In
fact, the stuff that's being changed isn't even there in 2.1.17.

It's very convoluted and fragile and touches things like new list
settings as well, and I don't know how it plays with cPanel's mods. It
would almost turn into a full upgrade to 2.1.18.

I'm advising you to not try it.


> FWIW, I'd vote against a rollback to the earlier behavior. I got several
> complaints about the poster's email address going missing. So I ended up
> setting first_strip_reply_to to "No," which of course is also a problem
> because I have max_num_recipients set pretty low (4).


Thanks for voting.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Russell Clemings 
Is the existing change (making sure the poster's address is in the
reply-to) available in a patch? I checked launchpad but if it's there I
couldn't find it. I'd like to see if I can apply it to 2.1.17 while waiting
for cPanel to upgrade to 2.1.18.

FWIW, I'd vote against a rollback to the earlier behavior. I got several
complaints about the poster's email address going missing. So I ended up
setting first_strip_reply_to to "No," which of course is also a problem
because I have max_num_recipients set pretty low (4).

rac


On Tue, May 6, 2014 at 2:48 PM, Mark Sapiro  wrote:

> On 05/06/2014 02:36 PM, Glenn Sieb wrote:
> > On 5/6/14, 5:31 PM, Mark Sapiro wrote:
>
> >> I could always add yet another setting, but I hate that idea for
> >> multiple reasons.
> >>
> >
> > Can there be an option somewhere in between "anonymous_list" and
> > "reply_goes_to_list?" One where it can strip the poster's email from the
> > reply-to, but leave the other headers alone?
>
>
> That's covered in my sentence above.
>
> Anyway, that's a decision for the next release, which hopefully isn't
> 'imminent'.
>
> --
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/rclemings%40gmail.com
>
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Mark Sapiro 
On 05/06/2014 02:36 PM, Glenn Sieb wrote:
> On 5/6/14, 5:31 PM, Mark Sapiro wrote:

>> I could always add yet another setting, but I hate that idea for
>> multiple reasons.
>>
> 
> Can there be an option somewhere in between "anonymous_list" and
> "reply_goes_to_list?" One where it can strip the poster's email from the
> reply-to, but leave the other headers alone?


That's covered in my sentence above.

Anyway, that's a decision for the next release, which hopefully isn't
'imminent'.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Lindsay Haisley 
On Tue, 2014-05-06 at 14:31 -0700, Mark Sapiro wrote:
> I am willing to consider changing this, either to treat Reply-To:
> differently for Wrap Message since the original headers are in the
> wrapped message in that case, or to just go back to not adding the
> poster's address to Reply-To: as in my initial paragraph above.
> 
> However, I need more feedback from the community before making changes.
> I could always add yet another setting, but I hate that idea for
> multiple reasons. 

It's ugly, but having yet another switch seems to me to be the only way
to handle this.  Having the poster's address in Reply-To: is the only
way to address the information loss implied by the necessary change to
the From: header, especially for MUAs that expose only the address
comment and not the actual address, and especially for subscribers who
are not technically inclined and wish to simply hit "reply" and get a
reply to the original author.

This _should_ be a matter of choice for list admins, even if it seems
that they're already overloaded with choices pursuant to addressing the
DMARC issue.  Until something better comes along, we're just going to
have to deal with it.

-- 
Lindsay Haisley   | "Everything works if you let it"
FMP Computer Services |
512-259-1190  |  --- The Roadie
http://www.fmp.com|

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Glenn Sieb 
On 5/6/14, 5:31 PM, Mark Sapiro wrote:
> I went back and forth with this. Initially, if first_strip_reply_to was
> Yes and reply_goes_to_list was This list or Explicit address, I didn't
> put the poster's address in Reply-To:
> 
> I finally decided it was of overriding importance to expose the posters
> address to enable off list (or non-list member) replies, and this
> warranted breaking the previous Reply-To: header munging options semantics.
> 
> I am willing to consider changing this, either to treat Reply-To:
> differently for Wrap Message since the original headers are in the
> wrapped message in that case, or to just go back to not adding the
> poster's address to Reply-To: as in my initial paragraph above.
> 
> However, I need more feedback from the community before making changes.
> I could always add yet another setting, but I hate that idea for
> multiple reasons.
> 

Can there be an option somewhere in between "anonymous_list" and
"reply_goes_to_list?" One where it can strip the poster's email from the
reply-to, but leave the other headers alone?

Best,
--Glenn

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Mark Sapiro 
On 05/06/2014 02:17 PM, Glenn Sieb wrote:
> 
> Fair enough. So, basically I'm fsck'd. Set the lists to be
> "anonymous_list" or set an explicit reply-to to be the lists and hope
> that strips out the extraneous reply-to entry.


I went back and forth with this. Initially, if first_strip_reply_to was
Yes and reply_goes_to_list was This list or Explicit address, I didn't
put the poster's address in Reply-To:

I finally decided it was of overriding importance to expose the posters
address to enable off list (or non-list member) replies, and this
warranted breaking the previous Reply-To: header munging options semantics.

I am willing to consider changing this, either to treat Reply-To:
differently for Wrap Message since the original headers are in the
wrapped message in that case, or to just go back to not adding the
poster's address to Reply-To: as in my initial paragraph above.

However, I need more feedback from the community before making changes.
I could always add yet another setting, but I hate that idea for
multiple reasons.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Glenn Sieb 
On 5/6/14, 4:29 PM, Mark Sapiro wrote:
> Do you mean Privacy options... -> Recipient filters ->
> max_num_recipients = 2
> 
> If so, ouch, but what do you do now when people reply-all to posts.
> Don't those replies get held?

Indeed. They get rejected. Policy on a couple particular lists. No cc's,
no using the address on web-forms (i.e. "greeting card sites") etc.

> This is specifically advised against by the DMARC community. See the
> NOTE: in the Requirements: section at
> .

Fair enough. So, basically I'm fsck'd. Set the lists to be
"anonymous_list" or set an explicit reply-to to be the lists and hope
that strips out the extraneous reply-to entry.

Or, as you said above, "ouch" and having to deal with a metric crapton
of ID-10t users not cleaning up the To: line when they reply and dealing
with clearing the moderation queue since we can't edit posts held for
moderation easily.

Best,
--G.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.

2014-05-06 Thread Mark Sapiro 
On 05/06/2014 12:47 PM, Glenn Sieb wrote:
> 
> So I updated to 2.1.18-1 today. Now we have a Reply-To that has the
> poster's email and the list's email address.
> 
> A few of the lists I run block emails with more than one recipient,


Do you mean Privacy options... -> Recipient filters ->
max_num_recipients = 2

If so, ouch, but what do you do now when people reply-all to posts.
Don't those replies get held?


> I wonder if this solution might be more helpful here--something like
> what Google Groups is doing. Changing the From line to this:
> 
> 'First Last ' via List Title
> 


This is specifically advised against by the DMARC community. See the
NOTE: in the Requirements: section at
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org