From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.tex.context/105075 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Gerben Wierda Newsgroups: gmane.comp.tex.context Subject: Re: This mailing list is not DKIM (DMARC) compatible Date: Tue, 17 Sep 2019 10:21:40 +0200 Message-ID: <32AE2AE4-7E8E-4A84-96AD-B8B9B0947CEE@rna.nl> References: <715EA0B9-5BEF-44CA-AC5D-35787CB92B29@rna.nl> <0c9058f4-ecff-3fdb-dd51-3a9eb8193d1b@gmail.com> Reply-To: mailing list for ConTeXt users Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Content-Type: multipart/mixed; boundary="===============1715651087902180719==" Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="140512"; mail-complaints-to="usenet@blaine.gmane.org" To: mailing list for ConTeXt users Original-X-From: ntg-context-bounces@ntg.nl Tue Sep 17 10:22:06 2019 Return-path: Envelope-to: gctc-ntg-context-518@m.gmane.org Original-Received: from zapf.boekplan.nl ([5.39.185.232] helo=zapf.ntg.nl) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iA8kQ-000aNx-LT for gctc-ntg-context-518@m.gmane.org; Tue, 17 Sep 2019 10:22:06 +0200 Original-Received: from localhost (localhost [127.0.0.1]) by zapf.ntg.nl (Postfix) with ESMTP id 76C04160F85; Tue, 17 Sep 2019 10:21:47 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at zapf.boekplan.nl Original-Received: from zapf.ntg.nl ([127.0.0.1]) by localhost (zapf.ntg.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1nYUwzdM1x26; Tue, 17 Sep 2019 10:21:46 +0200 (CEST) Original-Received: from zapf.ntg.nl (localhost [127.0.0.1]) by zapf.ntg.nl (Postfix) with ESMTP id 6C637160C54; Tue, 17 Sep 2019 10:21:46 +0200 (CEST) Original-Received: from localhost (localhost [127.0.0.1]) by zapf.ntg.nl (Postfix) with ESMTP id 4928B160C1F for ; Tue, 17 Sep 2019 10:21:45 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at zapf.boekplan.nl Original-Received: from zapf.ntg.nl ([127.0.0.1]) by localhost (zapf.ntg.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jMrT4Y8qOMDq for ; Tue, 17 Sep 2019 10:21:44 +0200 (CEST) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=213.125.118.53; helo=mail.rna.nl; envelope-from=gerben.wierda@rna.nl; receiver= Original-Received: from mail.rna.nl (mail.rna.nl [213.125.118.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by zapf.ntg.nl (Postfix) with ESMTPS id 2D8B1160A6F for ; Tue, 17 Sep 2019 10:21:44 +0200 (CEST) Original-Received: from localhost (localhost [127.0.0.1]) by mail.rna.nl (Postfix) with ESMTP id 8C3FB19BD896 for ; Tue, 17 Sep 2019 10:21:43 +0200 (CEST) X-Virus-Scanned: amavisd-new at rna.nl Original-Received: from mail.rna.nl ([127.0.0.1]) by localhost (dumbledore.rna.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBtp2wXAnqEL for ; Tue, 17 Sep 2019 10:21:41 +0200 (CEST) Original-Received: from [192.168.170.176] (d4b27fea.static.ziggozakelijk.nl [212.178.127.234]) by mail.rna.nl (Postfix) with ESMTPSA id E9A3C19BD87D for ; Tue, 17 Sep 2019 10:21:40 +0200 (CEST) In-Reply-To: <0c9058f4-ecff-3fdb-dd51-3a9eb8193d1b@gmail.com> X-Mailer: Apple Mail (2.3445.104.11) X-BeenThere: ntg-context@ntg.nl X-Mailman-Version: 2.1.26 Precedence: list List-Id: mailing list for ConTeXt users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ntg-context-bounces@ntg.nl Original-Sender: "ntg-context" Xref: news.gmane.org gmane.comp.tex.context:105075 Archived-At: --===============1715651087902180719== Content-Type: multipart/alternative; boundary="Apple-Mail=_88254C1B-CBF6-4051-B4CF-FEF929A505AE" --Apple-Mail=_88254C1B-CBF6-4051-B4CF-FEF929A505AE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Mailman already has settings for this, but one is advised not to use the = =E2=80=98munging=E2=80=99 option. My guess is that if you leave the change of body in place, participants = that are sending through mail servers that support SPF will fail = (because of the resend by the list) and support for DKIM will fail = (because of the changed body) You will still receive the 'list-forwarded=E2=80=99 messages from = senders who do not use DMARC, you will start missing those that do. It = is unlikely that you will suddenly stop receiving all messages from the = list (e.g. mine will go through as I haven=E2=80=99t yet turned DMARC = fully on, but as soon as I do, I will be unable to send messages via = this list to those at the receiving end that do DMARC checking, and that = holds for more and more users.). The sender=E2=80=99s email manager will also get unnecessary reports of = the list server illegally sending messages on their behalf. Most list these days that I am on already have removed the footer, and = leave the Subject: line alone. Sorting can be done on other headers than = Subject. Using dmarc_moderation_action (mailman setting) means that you start to = munge headers etc, which is not optimal: https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html = writes = about munging: However this is a poor use of email, since it=E2=80=99s misrepresenting = who originated the message. Also email clients often have a degraded = interface with respect to the Reply-To header. It=E2=80=99s usually not = visible in the message list, not used for sorting, and not added to the = address book. But whatever you guys do, make sure you are DMARC-proof to prevent = running into these issues later on. Either munge, or remove the footer = and the change of Subject (I would prefer the latter). Gerben Wierda Chess and the Art of Enterprise Architecture = Mastering ArchiMate Architecture for Real Enterprises = at = InfoWorld On Slippery Ice at EAPJ > On 16 Sep 2019, at 22:46, Henri Menke wrote: >=20 > I think this is better reported to Mailman. I'm not sure to what = extent list > administrators have control over DKIM settings. > https://gitlab.com/groups/mailman/-/issues >=20 > On 9/17/19 1:34 AM, Gerben Wierda wrote: >> In addition: Lists should keep the =46rom address, the Subject, and = the Message totally unchanged. They should add a Sender header to = indicate their relay role, and set at least the List-Id and = List-Unsubscribe headers for mailbox rules and subscription management. >>=20 >>=20 >> Gerben Wierda >> Chess and the Art of Enterprise Architecture = >> Mastering ArchiMate >> Architecture for Real Enterprises = at = InfoWorld >> On Slippery Ice at EAPJ >>=20 >>> On 16 Sep 2019, at 15:21, Gerben Wierda > wrote: >>>=20 >>> The footer that is added to each message in this list is not DKIM = (and thus DMARC) compatible. DKIM requires the ability to create a = signature on a set of headers and the body. By changing the body, the = DKIM signature fails and the resulting messages sent by the mail list = may in the future be blocked by more and more mail servers. >>>=20 >>> Gerben Wierda >>> Chess and the Art of Enterprise Architecture = >>> Mastering ArchiMate >>> Architecture for Real Enterprises = at = InfoWorld >>> On Slippery Ice at EAPJ >>>=20 >>> = __________________________________________________________________________= _________ >>> If your question is of interest to others as well, please add an = entry to the Wiki! >>>=20 >>> maillist : ntg-context@ntg.nl / = http://www.ntg.nl/mailman/listinfo/ntg-context >>> webpage : http://www.pragma-ade.nl / http://context.aanhet.net >>> archive : https://bitbucket.org/phg/context-mirror/commits/ >>> wiki : http://contextgarden.net >>> = __________________________________________________________________________= _________ >>=20 >>=20 >> = __________________________________________________________________________= _________ >> If your question is of interest to others as well, please add an = entry to the Wiki! >>=20 >> maillist : ntg-context@ntg.nl / = http://www.ntg.nl/mailman/listinfo/ntg-context >> webpage : http://www.pragma-ade.nl / http://context.aanhet.net >> archive : https://bitbucket.org/phg/context-mirror/commits/ >> wiki : http://contextgarden.net >> = __________________________________________________________________________= _________ >>=20 > = __________________________________________________________________________= _________ > If your question is of interest to others as well, please add an entry = to the Wiki! >=20 > maillist : ntg-context@ntg.nl / = http://www.ntg.nl/mailman/listinfo/ntg-context > webpage : http://www.pragma-ade.nl / http://context.aanhet.net > archive : https://bitbucket.org/phg/context-mirror/commits/ > wiki : http://contextgarden.net > = __________________________________________________________________________= _________ --Apple-Mail=_88254C1B-CBF6-4051-B4CF-FEF929A505AE Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Mailman already has settings for this, but one is advised not = to use the =E2=80=98munging=E2=80=99 option.

My guess is that if you leave the = change of body in place, participants that are sending through mail = servers that support SPF will fail (because of the resend by the list) = and support for DKIM will fail (because of the changed body)

You will still receive = the 'list-forwarded=E2=80=99 messages from senders who do not use DMARC, = you will start missing those that do. It is unlikely that you will = suddenly stop receiving all messages from the list (e.g. mine will go = through as I haven=E2=80=99t yet turned DMARC fully on, but as soon as I = do, I will be unable to send messages via this list to those at the = receiving end that do DMARC checking, and that holds for more and more = users.).

The = sender=E2=80=99s email manager will also get unnecessary reports of the = list server illegally sending messages on their behalf.

Most list these days = that I am on already have removed the footer, and leave the Subject: = line alone. Sorting can be done on other headers than Subject.

Using = dmarc_moderation_action (mailman setting) means that you start to munge = headers etc, which is not optimal:

https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html writes about munging:
However = this is a poor use of email, since it=E2=80=99s misrepresenting who = originated the message. Also email clients often have a degraded = interface with respect to the Reply-To header. It=E2=80=99s = usually not visible in the message list, not used for sorting, and = not added to the address book.

But whatever you guys = do, make sure you are DMARC-proof to prevent running into these issues = later on. Either munge, or remove the footer and the change of Subject = (I would prefer the latter).


On 16 Sep 2019, at 22:46, Henri Menke <henrimenke@gmail.com> wrote:

I = think this is better reported to Mailman.  I'm not sure to what = extent list
administrators have control over DKIM = settings.
https://gitlab.com/groups/mailman/-/issues

On 9/17/19 1:34 AM, Gerben Wierda wrote:
In addition: Lists = should keep the =46rom address, the Subject, and the = Message totally unchanged. They should add a Sender header to = indicate their relay role, and set at least the List-Id and = List-Unsubscribe headers for mailbox rules and subscription = management.


Gerben Wierda
Chess and the Art of Enterprise Architecture = <https://ea.rna.nl/the-book/>
Mastering ArchiMate = <https://ea.rna.nl/the-book-edition-iii/>
Architecture= for Real Enterprises = <https://www.infoworld.com/blog/architecture-for-real-enterprises/>&= nbsp;at InfoWorld
On Slippery Ice = <https://eapj.org/on-slippery-ice/> at EAPJ

On 16 Sep 2019, at = 15:21, Gerben Wierda <gerben.wierda@rna.nl = <mailto:gerben.wierda@rna.nl>> wrote:

The footer that is added to each message in this list is not = DKIM (and thus DMARC) compatible. DKIM requires the ability to create a = signature on a set of headers and the body. By changing the body, the = DKIM signature fails and the resulting messages sent by the mail list = may in the future be blocked by  more and more mail servers.

Gerben Wierda
Chess and the Art = of Enterprise Architecture <https://ea.rna.nl/the-book/>
Mastering ArchiMate = <https://ea.rna.nl/the-book-edition-iii/>
Architecture= for Real Enterprises = <https://www.infoworld.com/blog/architecture-for-real-enterprises/>&= nbsp;at InfoWorld
On Slippery Ice = <https://eapj.org/on-slippery-ice/> at EAPJ

_______________________________________________________________= ____________________
If your question is of interest to = others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl = <mailto:ntg-context@ntg.nl> / = http://www.ntg.nl/mailman/listinfo/ntg-context
webpage =  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : = https://bitbucket.org/phg/context-mirror/commits/
wiki =     : http://contextgarden.net
_______________________________________________________________= ____________________


_______________________________________________________________= ____________________
If your question is of interest to = others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / = http://www.ntg.nl/mailman/listinfo/ntg-context
webpage =  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : = https://bitbucket.org/phg/context-mirror/commits/
wiki =     : http://contextgarden.net
_______________________________________________________________= ____________________

__________________________________________________= _________________________________
If your question is of = interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / = http://www.ntg.nl/mailman/listinfo/ntg-context
webpage =  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : = https://bitbucket.org/phg/context-mirror/commits/
wiki =     : http://contextgarden.net
_______________________________________________________________= ____________________

= --Apple-Mail=_88254C1B-CBF6-4051-B4CF-FEF929A505AE-- --===============1715651087902180719== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KSWYgeW91ciBxdWVzdGlvbiBpcyBvZiBpbnRlcmVz dCB0byBvdGhlcnMgYXMgd2VsbCwgcGxlYXNlIGFkZCBhbiBlbnRyeSB0byB0aGUgV2lraSEKCm1h aWxsaXN0IDogbnRnLWNvbnRleHRAbnRnLm5sIC8gaHR0cDovL3d3dy5udGcubmwvbWFpbG1hbi9s aXN0aW5mby9udGctY29udGV4dAp3ZWJwYWdlICA6IGh0dHA6Ly93d3cucHJhZ21hLWFkZS5ubCAv IGh0dHA6Ly9jb250ZXh0LmFhbmhldC5uZXQKYXJjaGl2ZSAgOiBodHRwczovL2JpdGJ1Y2tldC5v cmcvcGhnL2NvbnRleHQtbWlycm9yL2NvbW1pdHMvCndpa2kgICAgIDogaHR0cDovL2NvbnRleHRn YXJkZW4ubmV0Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCg== --===============1715651087902180719==--