>>> <kgail...@redhat.com> schrieb am 13.07.2021 um 16:04 in Nachricht <dda37468bacd0ad6508289a33e654c8db1abc5c2.ca...@redhat.com>: > On Tue, 2021-07-13 at 10:23 +0200, Ulrich Windl wrote: >> > > > <kgail...@redhat.com> schrieb am 12.07.2021 um 16:50 in >> > > > Nachricht >> >> <08471514b28d1e3f6859707f5951f07887336865.ca...@redhat.com>: >> > On Sat, 2021‑07‑10 at 12:34 +0100, lejeczek wrote: >> > > Hi Admins(of this mailing list) >> > > >> > > Could you please fix in DMARC(s) so those of us who are on >> > > Yahoo would be able to receive own emails/thread. >> > > >> > > many thanks, L. >> > >> > I suppose we should do something, since this is likely to be more >> > of an >> > issue as time goes on. Unfortunately, it's not as simple as >> > flipping a >> > switch. These are the two reasonable choices: >> > >> > >> > (1) Change the "From" on list messages so that they appear to be >> > from >> > the list, rather than the poster. For example, your posts would >> > show up >> > as "From: lejeczek via ClusterLabs Users <users@clusterlabs.org>" >> > rather than "From: lejeczek <pelj...@yahoo.co.uk>". This is less >> > intrusive but makes it more difficult to reply directly to the >> > sender, >> > add the sender to an address book, etc. >> > >> > >> > (2) Stop adding [ClusterLabs] to subject lines, setting ReplyTo: to >> > the >> > list instead of original author, and adding the list signature. >> > This is >> > more standards‑compliant, since the List‑* headers can still be >> > used >> > for filtering, unsubscribing, and replying to the list, but not all >> > mail clients make those easy to use. >> > >> > >> > Anyone have preferences for one over the other? >> >> I have no idea about DMARC, so I'm qualified for an opinion ;-) >> My guess is that the changes mentioned to the original message make >> the DMARC >> signature invalid. > > Right > >> IMHO the best solution would be to (if at all) chack DMARC on >> receipt, and >> "re-sign" before sending it out to the list. > > Only the sender's domain mailers have the signing key. Once our mailing > list server receives it, we can't modify the existing body or headers > without breaking the DMARC (DKIM) signature. (Changing the "From" works > because at that point the message is no longer from the DMARC-protected > domain.)
What I meant is: The original signature confirms that the message is from the submitter (author). After mangling the message, you can't re-testify that the message is still from that author, but you can testify that the message is from the list. (And maybe the list can add a remark whether the original message looked authentic) Regards, Ulrich > >> >> Regards, >> Ulrich >> >> > >> > (Less reasonable options include wrapping every post in MIME, and >> > disallowing users from DMARC domains to post to the list.) > -- > Ken Gaillot <kgail...@redhat.com> > > _______________________________________________ > Manage your subscription: > https://lists.clusterlabs.org/mailman/listinfo/users > > ClusterLabs home: https://www.clusterlabs.org/ _______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
