Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-22 Thread Todd C . Miller
On Fri, 22 Mar 2024 08:16:22 -, Stuart Henderson wrote:

> I've got to say, I find the From rewrites less annoying than not
> scrubbing MIME parts, though I'd prefer if Reply-To was set (to
> list+sender, leaving any Mail-Followup-To in place). Many lists have
> done this (often for all senders, not just those with published
> DMARC policy) and, after a period of adjustment to get used to it,
> it's not so bad.

That's certainly possible and I think it would eliminate the problem
of not being able to easily reply to the sender.

 - todd



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-22 Thread Odhiambo Washington
On Fri, Mar 22, 2024 at 4:41 PM Stuart Henderson 
wrote:

> On 2024-03-22, Odhiambo Washington  wrote:
> >
> > On Fri, Mar 22, 2024 at 11:18 AM Stuart Henderson
> > wrote:
> >
> >> On 2024-03-21, Roderick  wrote:
> >> >
> >> > Is it not ARC meant to be the solution for
> >> > this problem?
> >>
> >> That was sort-of the idea, but it requires mail server admins to decide
> >> which ARC signers (i.e. mailing list servers) to trust. Recently gmail
> >> haven't even been trusting mailing list servers to send emails with the
> >> same message-id to multiple recipients...
> >>
> >> Don't use gmail unless you don't mind missing some mails.
> >>
> >> I've got to say, I find the From rewrites less annoying than not
> >> scrubbing MIME parts, though I'd prefer if Reply-To was set (to
> >> list+sender, leaving any Mail-Followup-To in place). Many lists have
> >> done this (often for all senders, not just those with published
> >> DMARC policy) and, after a period of adjustment to get used to it,
> >> it's not so bad.
> >>
> >
> > Is there a reason that bars OBSD List Admins from using Mailman3??
>
> No need to, I'd say. That doesn't magically fix anything, is a bit of
> a nuisance to install and keep updated, and majordomo can be modified
> anyway.
>

All the sites I know, including the ones that I run (installed and managed
by me) don't have these issues you're having an endless thread about.
Mailman3 is Open Source. Runs easily in a Python virtualenv in production.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-22 Thread Stuart Henderson
On 2024-03-22, Odhiambo Washington  wrote:
>
> On Fri, Mar 22, 2024 at 11:18 AM Stuart Henderson
> wrote:
>
>> On 2024-03-21, Roderick  wrote:
>> >
>> > Is it not ARC meant to be the solution for
>> > this problem?
>>
>> That was sort-of the idea, but it requires mail server admins to decide
>> which ARC signers (i.e. mailing list servers) to trust. Recently gmail
>> haven't even been trusting mailing list servers to send emails with the
>> same message-id to multiple recipients...
>>
>> Don't use gmail unless you don't mind missing some mails.
>>
>> I've got to say, I find the From rewrites less annoying than not
>> scrubbing MIME parts, though I'd prefer if Reply-To was set (to
>> list+sender, leaving any Mail-Followup-To in place). Many lists have
>> done this (often for all senders, not just those with published
>> DMARC policy) and, after a period of adjustment to get used to it,
>> it's not so bad.
>>
>
> Is there a reason that bars OBSD List Admins from using Mailman3??

No need to, I'd say. That doesn't magically fix anything, is a bit of
a nuisance to install and keep updated, and majordomo can be modified
anyway.




Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-22 Thread Odhiambo Washington
On Fri, Mar 22, 2024 at 11:18 AM Stuart Henderson 
wrote:

> On 2024-03-21, Roderick  wrote:
> >
> > Is it not ARC meant to be the solution for
> > this problem?
>
> That was sort-of the idea, but it requires mail server admins to decide
> which ARC signers (i.e. mailing list servers) to trust. Recently gmail
> haven't even been trusting mailing list servers to send emails with the
> same message-id to multiple recipients...
>
> Don't use gmail unless you don't mind missing some mails.
>
> I've got to say, I find the From rewrites less annoying than not
> scrubbing MIME parts, though I'd prefer if Reply-To was set (to
> list+sender, leaving any Mail-Followup-To in place). Many lists have
> done this (often for all senders, not just those with published
> DMARC policy) and, after a period of adjustment to get used to it,
> it's not so bad.
>

Is there a reason that bars OBSD List Admins from using Mailman3??


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-22 Thread Stuart Henderson
On 2024-03-21, Roderick  wrote:
>
> Is it not ARC meant to be the solution for
> this problem?

That was sort-of the idea, but it requires mail server admins to decide
which ARC signers (i.e. mailing list servers) to trust. Recently gmail
haven't even been trusting mailing list servers to send emails with the
same message-id to multiple recipients...

Don't use gmail unless you don't mind missing some mails.

I've got to say, I find the From rewrites less annoying than not
scrubbing MIME parts, though I'd prefer if Reply-To was set (to
list+sender, leaving any Mail-Followup-To in place). Many lists have
done this (often for all senders, not just those with published
DMARC policy) and, after a period of adjustment to get used to it,
it's not so bad.




Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-21 Thread Tobias Fiebig


Moin,
> Is it not ARC meant to be the solution for
> this problem?
Yeah, technically, ARC _should_ help with this. However, in practice,
trusting ARC is not really that common.

> Would DMARC then consider the original
> DKIM and SPF tests?
Kind of; DMARC would trust the signed ARC headers that evaluated the
original SPF/DKIM situation upon first receipt.

With best regards,
Tobias



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-21 Thread Roderick
Is it not ARC meant to be the solution for
this problem?

Would DMARC then consider the original
DKIM and SPF tests?

Todd C. Miller  wrote on Wed, 13 March 2024, 14:56:

> I've just added support to our majordomo for rewriting the From:
> header when the sender's domain has a DMARC policy.  Messages from
> domains using DMARC will now have a From: header like:
>
> From: "John Connor via misc" 
>
> and the original From: address is preserved in the X-Original-From:
> header if one is not already present.
>
> This seems like the only reliable way to address the problem given
> that the mailing list server often reformats or otherwise modifies
> the message body.
>
> The rewriting currently happens even for a DMARC policy of "none"
> since some large senders (for example gmail.com) use a policy of
> "none" but receivers may still enforce SPF.  I could relax this but
> I worry that doing so will lower the IP or domain "reputation" in
> Google's eyes (something that is already a black box).
>
>  - todd
>
>


Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-18 Thread Tobias Fiebig


Moin,
> I am intentionally double-posting this email (once from my personal
> domain, once from reads-this-mailinglist.com) to see how well
> preserving messages as sent works/impacts deliverability.

Some results on this: For the mail from @reads-this-mailinglist.com all
DMARC reports indicated successful delivery. With the mail from
fiebig.nl (p=reject, SPF -all), a handful of mails were either
quarantined (11) or rejected (4) due to a DKIM mismatch/validation
failure. Most of these were from providers that simultaneously saw
messages with valid DKIM. I would suspect that this is due to some
subscribers having features active that still require changes to mails
that are incompatible with DKIM's signed headers for this domain.

However, in general, this is still a relatively low amount of missed
messages; so I'd say that the current solution also works.

With best regards,
Tobias



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-15 Thread Tobias Fiebig
Moin,
> 
> I've disabled the From: rewriting for now after complaints that it
> makes things a lot less usable.  We'll try preserving messages as
> sent instead, which means that text/html parts will now be passed
> through (sorry).
> 
Darn, but I see where this can break the workflow of people.

I am intentionally double-posting this email (once from my personal
domain, once from reads-this-mailinglist.com) to see how well
preserving messages as sent works/impacts deliverability.

Will let you know :-)

With best regards,
Tobias



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-15 Thread Tobias Fiebig
Moin,
> 
> I've disabled the From: rewriting for now after complaints that it
> makes things a lot less usable.  We'll try preserving messages as
> sent instead, which means that text/html parts will now be passed
> through (sorry).
> 
Darn, but I see where this can break the workflow of people.

I am intentionally double-posting this email (once from my personal
domain, once from reads-this-mailinglist.com) to see how well
preserving messages as sent works/impacts deliverability.

Will let you know :-)

With best regards,
Tobias



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-15 Thread Dan
I notice date and time of your reply. You are quite ridiculous all.
Hoping to find any "independent head" around OpenBSD or leave..

-Dan

Mar 15, 2024 17:13:52 Dan :

> Todd C. Miller :
> 
>> I've disabled the From: rewriting
> 
> Indeed it appeared too secure for OpenBSD...



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-15 Thread Dan
Todd C. Miller :

> I've disabled the From: rewriting

Indeed it appeared too secure for OpenBSD...



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-15 Thread Dan
Todd C. Miller wrote:

> I've just added support to our majordomo for rewriting the From:
> header when the sender's domain has a DMARC policy.  Messages from
> domains using DMARC will now have a From: header like:
>
>     From: "John Connor via misc" 

I want to thank you for the From rewriting.

And, opinion, glad for the feature I wish everyone will take advantage
of it (e.g. not using more to CC to personal accounts)



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-15 Thread Todd C . Miller
On Wed, 13 Mar 2024 11:54:14 -0600, Todd C. Miller wrote:

> I've just added support to our majordomo for rewriting the From:
> header when the sender's domain has a DMARC policy.  Messages from
> domains using DMARC will now have a From: header like:
>
> From: "John Connor via misc" 
>
> and the original From: address is preserved in the X-Original-From:
> header if one is not already present.
>
> This seems like the only reliable way to address the problem given
> that the mailing list server often reformats or otherwise modifies
> the message body.

I've disabled the From: rewriting for now after complaints that it
makes things a lot less usable.  We'll try preserving messages as
sent instead, which means that text/html parts will now be passed
through (sorry).

 - todd



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-13 Thread Tobias Fiebig via misc
Moin,

On Wed, 2024-03-13 at 11:54 -0600, Todd C. Miller wrote:
> I've just added support to our majordomo for rewriting the From:
> header when the sender's domain has a DMARC policy.  Messages from
> domains using DMARC will now have a From: header like:

Awesome, thanks!

> I could relax this but I worry that doing so will lower the IP or
> domain "reputation" in Google's eyes (something that is already a
> black box).
Yeah, it tends to be... difficult.

Did you already give https://email-security-scans.org/ a spin? Small
service we threw together, checking some stuff about sending behavior.

With best regards,
Tobias



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-13 Thread Josh Grosse via misc
On March 13, 2024 1:54:14 PM EDT, "Todd C. Miller"  wrote:
>I've just added support to our majordomo for rewriting the From:
>header when the sender's domain has a DMARC policy.  Messages from
>domains using DMARC will now have a From: header like:
>
>From: "John Connor via misc" 
>
>and the original From: address is preserved in the X-Original-From:
>header if one is not already present.
>
>This seems like the only reliable way to address the problem given
>that the mailing list server often reformats or otherwise modifies
>the message body.
>
>The rewriting currently happens even for a DMARC policy of "none"
>since some large senders (for example gmail.com) use a policy of
>"none" but receivers may still enforce SPF.  I could relax this but
>I worry that doing so will lower the IP or domain "reputation" in
>Google's eyes (something that is already a black box).
>
> - todd
>

Thank you! 

  -Josh-


Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-13 Thread Todd C . Miller
I've just added support to our majordomo for rewriting the From:
header when the sender's domain has a DMARC policy.  Messages from
domains using DMARC will now have a From: header like:

From: "John Connor via misc" 

and the original From: address is preserved in the X-Original-From:
header if one is not already present.

This seems like the only reliable way to address the problem given
that the mailing list server often reformats or otherwise modifies
the message body.

The rewriting currently happens even for a DMARC policy of "none"
since some large senders (for example gmail.com) use a policy of
"none" but receivers may still enforce SPF.  I could relax this but
I worry that doing so will lower the IP or domain "reputation" in
Google's eyes (something that is already a black box).

 - todd
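
The From: rewriting described in the message above, together with the Reply-To variant suggested elsewhere in the thread, as an added Python example; it is not the majordomo change itself. The list address `misc@lists.example`, the DNS table and all function names are constructed for illustration, and the lookup does not fall back to the organizational domain.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed stand-in for TXT lookups of _dmarc.<domain>; a list server
# would query DNS here. Domains and records are sample values.
SAMPLE_DMARC_TXT = {
    "_dmarc.example.org": "v=DMARC1; p=reject; rua=mailto:reports@example.org",
    "_dmarc.example.net": "v=DMARC1; p=none",
}

def dmarc_policy(domain, txt=SAMPLE_DMARC_TXT):
    """Return the published p= value for domain, or None without a record."""
    record = txt.get("_dmarc." + domain.lower(), "")
    pairs = (part.partition("=") for part in record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p")

def munge_from(msg, list_name, list_addr, set_reply_to=False):
    """Rewrite From: to the list address when the sender publishes DMARC.

    Any policy triggers the rewrite, p=none included, as in the message
    above. Returns True if the message was modified.
    """
    name, addr = parseaddr(msg.get("From", ""))
    if dmarc_policy(addr.rpartition("@")[2]) is None:
        return False
    # Keep the author's address, unless an earlier hop already recorded one.
    if "X-Original-From" not in msg:
        msg["X-Original-From"] = msg["From"]
    # Optional variant from the thread: Reply-To = list + sender.
    # Mail-Followup-To is never touched. Keeping an existing Reply-To
    # is an assumption of this example.
    if set_reply_to and "Reply-To" not in msg:
        msg["Reply-To"] = f"{list_addr}, {addr}"
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    return True

if __name__ == "__main__":
    raw = "From: John Connor <john@example.org>\nSubject: test\n\nhello\n"
    m = message_from_string(raw)
    munge_from(m, "misc", "misc@lists.example", set_reply_to=True)
    print(m.as_string())
```

Because the rewritten From: domain is the list's own, DMARC alignment is then evaluated against the list server's SPF and DKIM rather than the author's, which is why body modifications by the list no longer matter for that check.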