[ClusterLabs] Antw: [EXT] Re: @ maillist Admins ‑ DMARC (yahoo)

kgaillot at redhat.com kgaillot at redhat.com
Tue Jul 13 10:04:57 EDT 2021 

On Tue, 2021-07-13 at 10:23 +0200, Ulrich Windl wrote:
> > > > <kgaillot at redhat.com> schrieb am 12.07.2021 um 16:50 in
> > > > Nachricht
> 
> <08471514b28d1e3f6859707f5951f07887336865.camel at redhat.com>:
> > On Sat, 2021‑07‑10 at 12:34 +0100, lejeczek wrote:
> > > Hi Admins(of this mailing list)
> > > 
> > > Could you please fix in DMARC(s) so those of us who are on 
> > > Yahoo would be able to receive own emails/thread.
> > > 
> > > many thanks, L.
> > 
> > I suppose we should do something, since this is likely to be more
> > of an
> > issue as time goes on. Unfortunately, it's not as simple as
> > flipping a
> > switch. These are the two reasonable choices:
> > 
> > 
> > (1) Change the "From" on list messages so that they appear to be
> > from
> > the list, rather than the poster. For example, your posts would
> > show up
> > as "From: lejeczek via ClusterLabs Users <users at clusterlabs.org>"
> > rather than "From: lejeczek <peljasz at yahoo.co.uk>". This is less
> > intrusive but makes it more difficult to reply directly to the
> > sender,
> > add the sender to an address book, etc.
> > 
> > 
> > (2) Stop adding [ClusterLabs] to subject lines, setting ReplyTo: to
> > the
> > list instead of original author, and adding the list signature.
> > This is
> > more standards‑compliant, since the List‑* headers can still be
> > used
> > for filtering, unsubscribing, and replying to the list, but not all
> > mail clients make those easy to use.
> > 
> > 
> > Anyone have preferences for one over the other?
> 
> I have no idea about DMARC, so I'm qualified for an opinion ;-)
> My guess is that the changes mentioned to the original message make
> the DMARC
> signature invalid.

Right

> IMHO the best solution would be to (if at all) chack DMARC on
> receipt, and
> "re-sign" before sending it out to the list.

Only the sender's domain mailers have the signing key. Once our mailing
list server receives it, we can't modify the existing body or headers
without breaking the DMARC (DKIM) signature. (Changing the "From" works
because at that point the message is no longer from the DMARC-protected 
domain.)

> 
> Regards,
> Ulrich
> 
> > 
> > (Less reasonable options include wrapping every post in MIME, and
> > disallowing users from DMARC domains to post to the list.)
-- 
Ken Gaillot <kgaillot at redhat.com>

More information about the Users mailing list