[ClusterLabs] Antw: Re: Antw: [EXT] Re: @ maillist Admins ‑ DMARC (yahoo)

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Wed Jul 14 03:21:04 EDT 2021


>>> <kgaillot at redhat.com> wrote on 13.07.2021 at 16:04 in message
<dda37468bacd0ad6508289a33e654c8db1abc5c2.camel at redhat.com>:
> On Tue, 2021-07-13 at 10:23 +0200, Ulrich Windl wrote:
>> > > > <kgaillot at redhat.com> wrote on 12.07.2021 at 16:50 in
>> > > > message
>> 
>> <08471514b28d1e3f6859707f5951f07887336865.camel at redhat.com>:
>> > On Sat, 2021‑07‑10 at 12:34 +0100, lejeczek wrote:
>> > > Hi Admins(of this mailing list)
>> > > 
>> > > Could you please fix in DMARC(s) so those of us who are on 
>> > > Yahoo would be able to receive own emails/thread.
>> > > 
>> > > many thanks, L.
>> > 
>> > I suppose we should do something, since this is likely to be more
>> > of an
>> > issue as time goes on. Unfortunately, it's not as simple as
>> > flipping a
>> > switch. These are the two reasonable choices:
>> > 
>> > 
>> > (1) Change the "From" on list messages so that they appear to be
>> > from
>> > the list, rather than the poster. For example, your posts would
>> > show up
>> > as "From: lejeczek via ClusterLabs Users <users at clusterlabs.org>"
>> > rather than "From: lejeczek <peljasz at yahoo.co.uk>". This is less
>> > intrusive but makes it more difficult to reply directly to the
>> > sender,
>> > add the sender to an address book, etc.
>> > 
>> > 
>> > (2) Stop adding [ClusterLabs] to subject lines, setting ReplyTo: to
>> > the
>> > list instead of original author, and adding the list signature.
>> > This is
>> > more standards‑compliant, since the List‑* headers can still be
>> > used
>> > for filtering, unsubscribing, and replying to the list, but not all
>> > mail clients make those easy to use.
>> > 
>> > 
>> > Anyone have preferences for one over the other?
>> 
>> I have no idea about DMARC, so I'm qualified for an opinion ;-)
>> My guess is that the changes mentioned to the original message make
>> the DMARC
>> signature invalid.
> 
> Right
> 
>> IMHO the best solution would be to (if at all) check DMARC on
>> receipt, and
>> "re-sign" before sending it out to the list.
> 
> Only the sender's domain mailers have the signing key. Once our mailing
> list server receives it, we can't modify the existing body or headers
> without breaking the DMARC (DKIM) signature. (Changing the "From" works
> because at that point the message is no longer from the DMARC-protected 
> domain.)

What I meant is:
The original signature confirms that the message is from the submitter
(author).
After mangling the message, you can't re-testify that the message is still
from that author, but you can testify that the message is from the list.
(And maybe the list can add a remark whether the original message looked
authentic)

Regards,
Ulrich

> 
>> 
>> Regards,
>> Ulrich
>> 
>> > 
>> > (Less reasonable options include wrapping every post in MIME, and
>> > disallowing users from DMARC domains to post to the list.)
> -- 
> Ken Gaillot <kgaillot at redhat.com>
> 
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users 
> 
> ClusterLabs home: https://www.clusterlabs.org/ 
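
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the list's software: it models the DKIM leg of DMARC to show why a subject tag and footer break the sender's signature, and how options (1) and (2) each restore a pass. The message, the domains `sender.example` and `list.example`, the `list_forward` helper, and the plain hash used in place of a real public-key signature are all assumptions made for illustration.

```python
import hashlib
import re
from email.utils import parseaddr

def relaxed_body(body: str) -> str:
    """RFC 6376 'relaxed' body canonicalization: collapse whitespace runs,
    strip trailing whitespace per line, drop empty lines at the end."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip() for ln in body.splitlines()]
    while lines and not lines[-1]:
        lines.pop()
    return "".join(ln + "\r\n" for ln in lines)

def signed_digest(msg: dict) -> str:
    """Stand-in for the DKIM signature: a hash over fields a sender typically
    signs. Real DKIM signs this data with the sending domain's private key."""
    body_hash = hashlib.sha256(relaxed_body(msg["body"]).encode()).hexdigest()
    fields = [f"{h}:{' '.join(msg[h].split())}" for h in ("from", "subject")]
    return hashlib.sha256("\r\n".join(fields + [body_hash]).encode()).hexdigest()

def dmarc_dkim_pass(msg: dict, sig: dict) -> bool:
    """Signature must still match AND d= must equal the From domain (strict
    alignment; relaxed alignment would compare organizational domains)."""
    from_domain = parseaddr(msg["from"])[1].rpartition("@")[2].lower()
    return signed_digest(msg) == sig["digest"] and from_domain == sig["d"]

def list_forward(msg: dict, rewrite_from: bool, decorate: bool) -> dict:
    """Hypothetical list server: 'decorate' adds the subject tag and footer,
    'rewrite_from' is option (1) from the thread."""
    out = dict(msg)
    if decorate:
        out["subject"] = "[List] " + msg["subject"]
        out["body"] = msg["body"] + "\n_______\nManage your subscription: ...\n"
    if rewrite_from:
        name = parseaddr(msg["from"])[0]
        out["from"] = f"{name} via List <users@list.example>"
    return out

# Constructed sample message and domains.
ORIGINAL = {"from": "Poster <poster@sender.example>",
            "subject": "DMARC question", "body": "Hello list,\n\nthanks.\n"}
SENDER_SIG = {"d": "sender.example", "digest": signed_digest(ORIGINAL)}

def scenarios() -> dict:
    decorated = list_forward(ORIGINAL, rewrite_from=False, decorate=True)
    option1 = list_forward(ORIGINAL, rewrite_from=True, decorate=True)
    list_sig = {"d": "list.example", "digest": signed_digest(option1)}
    option2 = list_forward(ORIGINAL, rewrite_from=False, decorate=False)
    return {"current": dmarc_dkim_pass(decorated, SENDER_SIG),
            "option1_sender_sig": dmarc_dkim_pass(option1, SENDER_SIG),
            "option1_list_sig": dmarc_dkim_pass(option1, list_sig),
            "option2": dmarc_dkim_pass(option2, SENDER_SIG)}
```

The `option1_list_sig` case is the "testify that the message is from the list" idea: the list signs the modified message under its own domain, which aligns only because the From header now carries that domain.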