Re: [Bitcoin-development] Mailman incompatibility with DKIM ...

[Adam Weiss <adam@signal11.com>]

[-- Attachment #1: Type: text/plain, Size: 2642 bytes --]

Hi Warren,

If you set dmarc_moderation_action to "Munge from", the list will detect
when someone posts from a domain that publishes a request for strict
signature checking for all mails originating from it (in DNS) and rewrite
the envelope-from to the list's address.  Reply-to will be added and set to
the original sender.

I think that this is probably a better way to workaround the issue (rather
than playing with getting the list to not break the signature) until these
things mature further.

Thoughts?

--adam




On Fri, Jun 19, 2015 at 6:38 AM, Warren Togami Jr. <wtogami@gmail.com>
wrote:

> On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike@plan99.net> wrote:
>
>> The new list currently has footers removed during testing.  I am not
>>> pleased with the need to remove the subject tag and footer to be more
>>> compatible with DKIM users.
>>>
>>
>> Lists can do what are effectively MITM attacks on people's messages in
>> any way they like, if they resign for the messages themselves. That seems
>> fair to me!  :)
>>
>
> Mailman isn't resigning it.  Should it be?  Does other mailing list
> software?
>
>
>>
>>
>>>  I'm guessing DKIM enforcement is not very common because of issues like
>>> this?
>>>
>>
>> DKIM is used by most mail on the internet. DMARC rules that publish in
>> DNS statements like "All mail from bitpay.com is signed correctly so
>> trash any that isn't" are used on some of the worlds most heavily phished
>> domains like google.com, PayPal, eBay, and indeed BitPay.
>>
>> These rules are understood and enforced by all major webmail providers
>> including Gmail. It's actually only rusty geek infrastructure that has
>> problems with this, I've never heard of DKIM/DMARC users having issues
>> outside of dealing with mailman. The vast majority of email users who never
>> post to technical mailing lists benefit from it significantly.
>>
>> Really everyone should use them. Adding cryptographic integrity to email
>> is hardly a crazy idea :)
>>
>
> I understand the reason to protect the "heavily phished" domains.  I heard
> that LKML does not modify the subject or add a footer, perhaps because it
> would make it incompatible with DKIM of the several big corporate domains
> who participate.
>
> I suppose it is somewhat acceptable for us to remove subject tags and
> footers if we have no choice...
>
> Warren
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

[-- Attachment #2: Type: text/html, Size: 4725 bytes --]