From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/19091 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Michael Albinus Newsgroups: gmane.emacs.gnus.user Subject: Re: From and Reply-To mangling?! Date: Sat, 28 Dec 2019 15:39:50 +0100 Message-ID: <87fth4zf7t.fsf@gmx.de> References: <87k16htf80.fsf@tullinup.koldfront.dk> <87v9q1hwaa.fsf@gnu.org> <87r20od3gp.fsf@gnus.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="64354"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: Amin Bandali , info-gnus-english@gnu.org To: Lars Ingebrigtsen Original-X-From: info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org Sat Dec 28 15:40:22 2019 Return-path: Envelope-to: gegu-info-gnus-english@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1ilDGP-000GZf-TK for gegu-info-gnus-english@m.gmane.org; Sat, 28 Dec 2019 15:40:22 +0100 Original-Received: from localhost ([::1]:43804 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ilDGO-0004bi-EC for gegu-info-gnus-english@m.gmane.org; Sat, 28 Dec 2019 09:40:20 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:35024) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ilDG1-0004bR-Tk for info-gnus-english@gnu.org; Sat, 28 Dec 2019 09:40:01 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ilDG0-000694-3X for info-gnus-english@gnu.org; Sat, 28 Dec 2019 09:39:57 -0500 Original-Received: from mout.gmx.net ([212.227.15.15]:60697) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ilDFx-0005pi-5c; Sat, 28 Dec 2019 09:39:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1577543991; bh=m/jzhCQeSOvneIvvhBnlfzMaQbrQVZgWTqNzEU+ueQk=; h=X-UI-Sender-Class:From:To:Cc:Subject:References:Date:In-Reply-To; b=idDzRahOPZ/FzMCkV5HcCRmZDyMFFEuv2VJD1mb6o7ol8qgPDqaZ+2dMi7Cq2JNvf C1t5H5ZtCh6Fgtb/Cry+DOeTuKlaExqdW1G0S5STMyZF2wk2VJKzDjf6G/KQvykpKI uj/BMK5jO2lKD8pLb9zjZTAIlnxz9OWoGBZNCZHw= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Original-Received: from detlef.gmx.de ([212.86.60.58]) by mail.gmx.com (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MpDNl-1jY0C141K3-00qlKF; Sat, 28 Dec 2019 15:39:51 +0100 In-Reply-To: <87r20od3gp.fsf@gnus.org> (Lars Ingebrigtsen's message of "Sat, 28 Dec 2019 13:44:38 +0100") X-Provags-ID: V03:K1:C+x7gKhAGt0D67RfiSFyRtW66ped50daPCtPKUg7n+F+71xAsRG x91aXdLvN7elu9vu68SBQASWyfTaTWTlXN7J1T8kqZGvkWqJH2Gp0bEViPLH9hnOu7twOan jclPUscHXusNtmtMtRuTUdE+01Ic9MM6aUfFmoOKVuoMmBNlhk9nUGTzyiLG0nup2tx5bmW IcOliadCws/C2pH1eHL0Q== X-UI-Out-Filterresults: notjunk:1;V03:K0:mcEvGVRquDE=:h+X4chQvxcCF8HYBcngBhJ WIno9F4NADpGw43bOIHVTTxwNXnTSouU2FNnKOK9MLgsAFOk9p0Xa7C0H3hhda0ZGfBvIXyHf LgvKDdy37OAshS8sNpm1nY1gIznVzADLfWz8qgXr+N3gG9V/9dkPDcpPt8NEG7js01emvW5Fc 3Fhb/czzC72qqGVzETDbaf5EnORQ0zymdaCzLHbHdJCMtXcqmbg1EngA6EaSTzeCdfu69k1A/ wrfymtf1/atM+GUVnruKqTWzWTWm6OlqqzdNQhVOgXwFJLbaWJKv+DsdCHcDtUJxrDI0jNPxL I57TGg0jEHqVUyjE4Cb47mwH9+A0VBu1vfZZzlxcBvwA7wO5lyLmfzoilu+pP2wOkf67uR188 hFtlqWH/HQfdk7nRsboWYNrHaOhnRCTKLzjtHykar+W6WB543rP2svUIxa1TmJbwW4A+jhIU7 m5DuWxsatXiWJ792cSPKBUeFkHbHc+Niyrr2DK3l5IAK677jNM5aaCd6abP6QqnzK7sLTRJbD fLh3DHsAfi3rWGLWzLQ5M6smAE5niwQIjhvcFjisVMqRnrOqoZAhXHOzHx3JfYYSLo+t4sJ2A 1v8oG66ri4fAJ1oyhv+Y5jB39bzlonz/M33LKxkZOmUd+QgOxHP5LDkr0De0JjxMxrVd5M58N enniqsJfKIdfJrQJb3tnzTWUseybRJ6cP836EdZ9HPPI5zNEWA9zSOVdF1TAHvBxrm5TNoEsM n995+vPLgnlRSNC8b2iDDY6CftLaybNMuSmUaSz6cIZG2QD+jgP2g9bdHdpVvETfZW2enmz5 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 212.227.15.15 X-BeenThere: info-gnus-english@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Announcements and discussions for GNUS, the GNU Emacs Usenet newsreader \(in English\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org Original-Sender: "info-gnus-english" Xref: news.gmane.org gmane.emacs.gnus.user:19091 Archived-At: --=-=-= Content-Type: text/plain Lars Ingebrigtsen writes: > Anybody know how we can get the admin of this list to stop the dmarc > munging? It's really annoying. The appended message has been sent some weeks ago. Best regards, Michael. --=-=-= Content-Type: message/rfc822 Content-Disposition: attachment From: Ian Kelling Subject: DMARC related changes starting this week for FSF hosted Mailman lists To: gnu-prog@gnu.org Date: Mon, 17 Jun 2019 22:19:45 -0400 (27 weeks, 4 days, 12 hours ago) Reply-To: gnu-prog-discuss@gnu.org X-Boundary: __________________________________________________________________________________________________________________________________________ Over the next few days, the Free Software Foundation will be making changes to our GNU Mailman systems, including lists.gnu.org, lists.nongnu.org, lists.libreplanet.org, lists.fsf.org, and lists.endsoftwarepatents.org, in order to address mailing list deliverability issues reported by many users. Messages sent from users with strict DMARC policy domains like yahoo.com are often being rejected when sent to list subscribers by Mailman. See the end of this email for a technical overview of DMARC and DKIM. There are two ways to fix the issue by changing Mailman list settings. The first option, and the preferable way for discussion lists, is what we call the "unmodified message fix." There are Mailman list settings which modify the messages by adding a subject prefix (e.g. [list-name]) or a footer. Modifying the message breaks DKIM message signatures and thus DMARC. Following this option, we would turn those settings off. Many lists are already this way and there is no change for them. Instead of using the subject prefix to identify a list, subscribers should use the "List-Id" header, To, and Cc. List footer information can also be be put in the welcome email to subscribers and the list information page by list administrators. Related to this, on June 7th, we upgraded the version Mailman that we run. This fixed a bug where we were breaking the DKIM signature of any reply message. The second option is for lists which want or need to continue to modify the message, for example with subject prefix or footer settings. We would enable a Mailman list setting called dmarc_moderation_action: "Munge From". With this setting, if a strict DMARC sender sends to the list, we alter the headers of that message like so: A message sent to the list: To: alist@gnu.org From: Anne Example Person Subject: Hi, I have a suggestion to improve x The message Mailman sends to list subscribers: To: alist@gnu.org From: Anne Example Person via Alist Reply-To: Anne Example Person Subject: [alist] Hi, I have a suggestion to improve X Without going into all of the details, here's a few points about why we concluded the unmodified message fix is better for discussion lists. Email clients don't all treat munged messages the same way as unmunged, and humans read these headers so it can confuse people, causing messages not to be sent to the expected recipients. GNU Mailman has an option to do "Munge From" always, but does not recommend using it[1]. While we're not bound by what others do, it's worth noting that other very large free software communities like Debian GNU/Linux have adopted the unmodified message fix[2]. The unmodified messages fix avoids breaking DKIM cryptographic signatures, which show the message was authorized by the signing domain. New discussion lists' default settings will be to send unmodified messages. Existing discussion lists that add subject prefixes or footers will have "Munge From" turned on, and then we will email the list administrators and moderators asking if they are ok with changing to unmodified messages. If they do not object within 1 month, we will change their list settings to send unmodified messages. Sometimes the list administrators and moderators emails goes out of date. If you have the administration password for a list, please log in and check that they are up to date at the top of the "General Options" section of the list administration interface. For announcement lists that do not have discussion, munging does not have nearly as bad an impact. Announce lists with subject prefixes or footers will get "Munge From" applied. I will email the list owners and moderators to let them know about this issue and they can change to using unmodified messages if they want. Announce lists created in the future will send unmodified messages by default. Debbugs lists prepend a bug # to the subject. These will get "Munge From" applied. An example of a debbugs list is bug-gnu-emacs[3]. Debbugs maintainers can consider if there are any other changes they want. For -commit lists, commit messages are created by a program running on a single server, not the authors in the from headers. This means they cannot have valid DKIM signatures and so they will get "Munge From" applied and always need it. An example of a -commit list is gnuastro-commits[4]. For any Mailman list administrator who wants to change or look over the relevant settings: The dmarc_moderation_action setting is under "Privacy Options" subsection "Sender Filters". The only options that should be selected are "Accept" or "Munge From", along with corresponding changes to the subject_prefix option under "General Options", and msg_footer under "Non-digest options". A short DMARC technical overview: DMARC policy is a DNS txt record at a _dmarc subdomain. For example: $ host -t txt _dmarc.yahoo.com _dmarc.yahoo.com descriptive text "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_rua@yahoo.com;" The only important thing there for our purpose is p=reject. p=reject means that conforming mail servers that receive mail with a from header of *@yahoo.com will reject that email unless it was either 1. sent from Yahoo's email servers, or 2. its DKIM signature is verified. A DKIM signature[5] is a public key cryptographic signature of the email body and some headers included in the message header "DKIM-Signature". A verified DKIM signature means that email body and signed headers have not been modified. Comprehensive resources about DMARC tend to downplay or ignore its problems, but some that have helped me are Wikipedia[6], the Mailman wiki[1], dmarc.org wiki[7], and the DMARC rfc[8]. [1]: https://wiki.list.org/DEV/DMARC [2]: https://lists.debian.org/debian-devel-announce/2015/08/msg00003.html [3]: https://lists.gnu.org/archive/html/bug-gnu-emacs/2019-06/threads.html [4]: https://lists.gnu.org/archive/html/gnuastro-commits/2019-06/threads.html [5]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail [6]: https://en.wikipedia.org/wiki/DMARC [7]: https://dmarc.org/wiki/FAQ#senders [8]: https://tools.ietf.org/html/rfc7489 -- https://lists.gnu.org/mailman/listinfo/gnu-prog --=-=-= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KaW5mby1nbnVz LWVuZ2xpc2ggbWFpbGluZyBsaXN0CmluZm8tZ251cy1lbmdsaXNoQGdudS5vcmcKaHR0cHM6Ly9s aXN0cy5nbnUub3JnL21haWxtYW4vbGlzdGluZm8vaW5mby1nbnVzLWVuZ2xpc2gK --=-=-=--