This mailing list is not DKIM (DMARC) compatible

This mailing list is not DKIM (DMARC) compatible

[Gerben Wierda]

[-- Attachment #1.1: Type: text/plain, Size: 670 bytes --]

The footer that is added to each message in this list is not DKIM (and thus DMARC) compatible. DKIM requires the ability to create a signature on a set of headers and the body. By changing the body, the DKIM signature fails and the resulting messages sent by the mail list may in the future be blocked by  more and more mail servers.

Gerben Wierda
Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ


[-- Attachment #1.2: Type: text/html, Size: 1498 bytes --]

[-- Attachment #2: Type: text/plain, Size: 493 bytes --]

___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : https://bitbucket.org/phg/context-mirror/commits/
wiki     : http://contextgarden.net
___________________________________________________________________________________

Re: This mailing list is not DKIM (DMARC) compatible

[Gerben Wierda]

[-- Attachment #1.1: Type: text/plain, Size: 1884 bytes --]

In addition: Lists should keep the From address, the Subject, and the Message totally unchanged. They should add a Sender header to indicate their relay role, and set at least the List-Id and List-Unsubscribe headers for mailbox rules and subscription management.


Gerben Wierda
Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ

> On 16 Sep 2019, at 15:21, Gerben Wierda <gerben.wierda@rna.nl> wrote:
> 
> The footer that is added to each message in this list is not DKIM (and thus DMARC) compatible. DKIM requires the ability to create a signature on a set of headers and the body. By changing the body, the DKIM signature fails and the resulting messages sent by the mail list may in the future be blocked by  more and more mail servers.
> 
> Gerben Wierda
> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
> 
> ___________________________________________________________________________________
> If your question is of interest to others as well, please add an entry to the Wiki!
> 
> maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
> webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
> archive  : https://bitbucket.org/phg/context-mirror/commits/
> wiki     : http://contextgarden.net
> ___________________________________________________________________________________


[-- Attachment #1.2: Type: text/html, Size: 4093 bytes --]

[-- Attachment #2: Type: text/plain, Size: 493 bytes --]

___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : https://bitbucket.org/phg/context-mirror/commits/
wiki     : http://contextgarden.net
___________________________________________________________________________________

Re: This mailing list is not DKIM (DMARC) compatible

[Henri Menke]

I think this is better reported to Mailman.  I'm not sure to what extent list
administrators have control over DKIM settings.
https://gitlab.com/groups/mailman/-/issues

On 9/17/19 1:34 AM, Gerben Wierda wrote:
> In addition: Lists should keep the From address, the Subject, and the Message totally unchanged. They should add a Sender header to indicate their relay role, and set at least the List-Id and List-Unsubscribe headers for mailbox rules and subscription management.
> 
> 
> Gerben Wierda
> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
> 
>> On 16 Sep 2019, at 15:21, Gerben Wierda <gerben.wierda@rna.nl <mailto:gerben.wierda@rna.nl>> wrote:
>>
>> The footer that is added to each message in this list is not DKIM (and thus DMARC) compatible. DKIM requires the ability to create a signature on a set of headers and the body. By changing the body, the DKIM signature fails and the resulting messages sent by the mail list may in the future be blocked by  more and more mail servers.
>>
>> Gerben Wierda
>> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
>> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>>
>> ___________________________________________________________________________________
>> If your question is of interest to others as well, please add an entry to the Wiki!
>>
>> maillist : ntg-context@ntg.nl <mailto:ntg-context@ntg.nl> / http://www.ntg.nl/mailman/listinfo/ntg-context
>> webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
>> archive  : https://bitbucket.org/phg/context-mirror/commits/
>> wiki     : http://contextgarden.net
>> ___________________________________________________________________________________
> 
> 
> ___________________________________________________________________________________
> If your question is of interest to others as well, please add an entry to the Wiki!
> 
> maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
> webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
> archive  : https://bitbucket.org/phg/context-mirror/commits/
> wiki     : http://contextgarden.net
> ___________________________________________________________________________________
> 
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : https://bitbucket.org/phg/context-mirror/commits/
wiki     : http://contextgarden.net
___________________________________________________________________________________

Re: This mailing list is not DKIM (DMARC) compatible

[Gerben Wierda]

[-- Attachment #1.1: Type: text/plain, Size: 5512 bytes --]

Mailman already has settings for this, but one is advised not to use the ‘munging’ option.

My guess is that if you leave the change of body in place, participants that are sending through mail servers that support SPF will fail (because of the resend by the list) and support for DKIM will fail (because of the changed body)

You will still receive the 'list-forwarded’ messages from senders who do not use DMARC, you will start missing those that do. It is unlikely that you will suddenly stop receiving all messages from the list (e.g. mine will go through as I haven’t yet turned DMARC fully on, but as soon as I do, I will be unable to send messages via this list to those at the receiving end that do DMARC checking, and that holds for more and more users.).

The sender’s email manager will also get unnecessary reports of the list server illegally sending messages on their behalf.

Most list these days that I am on already have removed the footer, and leave the Subject: line alone. Sorting can be done on other headers than Subject.

Using dmarc_moderation_action (mailman setting) means that you start to munge headers etc, which is not optimal:

https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html <https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html> writes about munging:
However this is a poor use of email, since it’s misrepresenting who originated the message. Also email clients often have a degraded interface with respect to the Reply-To header. It’s usually not visible in the message list, not used for sorting, and not added to the address book.

But whatever you guys do, make sure you are DMARC-proof to prevent running into these issues later on. Either munge, or remove the footer and the change of Subject (I would prefer the latter).

Gerben Wierda
Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ

> On 16 Sep 2019, at 22:46, Henri Menke <henrimenke@gmail.com> wrote:
> 
> I think this is better reported to Mailman.  I'm not sure to what extent list
> administrators have control over DKIM settings.
> https://gitlab.com/groups/mailman/-/issues
> 
> On 9/17/19 1:34 AM, Gerben Wierda wrote:
>> In addition: Lists should keep the From address, the Subject, and the Message totally unchanged. They should add a Sender header to indicate their relay role, and set at least the List-Id and List-Unsubscribe headers for mailbox rules and subscription management.
>> 
>> 
>> Gerben Wierda
>> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
>> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>> 
>>> On 16 Sep 2019, at 15:21, Gerben Wierda <gerben.wierda@rna.nl <mailto:gerben.wierda@rna.nl>> wrote:
>>> 
>>> The footer that is added to each message in this list is not DKIM (and thus DMARC) compatible. DKIM requires the ability to create a signature on a set of headers and the body. By changing the body, the DKIM signature fails and the resulting messages sent by the mail list may in the future be blocked by  more and more mail servers.
>>> 
>>> Gerben Wierda
>>> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
>>> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>>> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
>>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>>> 
>>> ___________________________________________________________________________________
>>> If your question is of interest to others as well, please add an entry to the Wiki!
>>> 
>>> maillist : ntg-context@ntg.nl <mailto:ntg-context@ntg.nl> / http://www.ntg.nl/mailman/listinfo/ntg-context
>>> webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
>>> archive  : https://bitbucket.org/phg/context-mirror/commits/
>>> wiki     : http://contextgarden.net
>>> ___________________________________________________________________________________
>> 
>> 
>> ___________________________________________________________________________________
>> If your question is of interest to others as well, please add an entry to the Wiki!
>> 
>> maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
>> webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
>> archive  : https://bitbucket.org/phg/context-mirror/commits/
>> wiki     : http://contextgarden.net
>> ___________________________________________________________________________________
>> 
> ___________________________________________________________________________________
> If your question is of interest to others as well, please add an entry to the Wiki!
> 
> maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
> webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
> archive  : https://bitbucket.org/phg/context-mirror/commits/
> wiki     : http://contextgarden.net
> ___________________________________________________________________________________


[-- Attachment #1.2: Type: text/html, Size: 7854 bytes --]

[-- Attachment #2: Type: text/plain, Size: 493 bytes --]

___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : https://bitbucket.org/phg/context-mirror/commits/
wiki     : http://contextgarden.net
___________________________________________________________________________________

Re: This mailing list is not DKIM (DMARC) compatible

[Henning Hraban Ramm]

My own mailserver (mail.fiee.net) uses SPF and DKIM, and I have no problems with this or other lists.
Maybe I configured it too tolerant, but the only thing server check tools find faulty is that I can't offer DANE (my DNS access is not sufficient).

Thus I see no reason to panic.

If we would *not* change the sender address to the list’s, there would be a problem. Namely what you mention, that we would send mails on the sender’s behalf.

I really like to have the list’s name in the subject line, and also think that the list footer makes sense. What doesn’t make sense is to leave it in your reply.

Best, Hraban


> Am 2019-09-17 um 10:21 schrieb Gerben Wierda <gerben.wierda@rna.nl>:
> 
> Mailman already has settings for this, but one is advised not to use the ‘munging’ option.
> 
> My guess is that if you leave the change of body in place, participants that are sending through mail servers that support SPF will fail (because of the resend by the list) and support for DKIM will fail (because of the changed body)
> 
> You will still receive the 'list-forwarded’ messages from senders who do not use DMARC, you will start missing those that do. It is unlikely that you will suddenly stop receiving all messages from the list (e.g. mine will go through as I haven’t yet turned DMARC fully on, but as soon as I do, I will be unable to send messages via this list to those at the receiving end that do DMARC checking, and that holds for more and more users.).
> 
> The sender’s email manager will also get unnecessary reports of the list server illegally sending messages on their behalf.
> 
> Most list these days that I am on already have removed the footer, and leave the Subject: line alone. Sorting can be done on other headers than Subject.
> 
> Using dmarc_moderation_action (mailman setting) means that you start to munge headers etc, which is not optimal:
> 
> https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html writes about munging:
> However this is a poor use of email, since it’s misrepresenting who originated the message. Also email clients often have a degraded interface with respect to the Reply-To header. It’s usually not visible in the message list, not used for sorting, and not added to the address book.
> 
> But whatever you guys do, make sure you are DMARC-proof to prevent running into these issues later on. Either munge, or remove the footer and the change of Subject (I would prefer the latter).
> 
> Gerben Wierda
> Chess and the Art of Enterprise Architecture
> Mastering ArchiMate
> Architecture for Real Enterprises at InfoWorld
> On Slippery Ice at EAPJ
> 
>> On 16 Sep 2019, at 22:46, Henri Menke <henrimenke@gmail.com> wrote:
>> 
>> I think this is better reported to Mailman.  I'm not sure to what extent list
>> administrators have control over DKIM settings.
>> https://gitlab.com/groups/mailman/-/issues
>> 
>> On 9/17/19 1:34 AM, Gerben Wierda wrote:
>>> In addition: Lists should keep the From address, the Subject, and the Message totally unchanged. They should add a Sender header to indicate their relay role, and set at least the List-Id and List-Unsubscribe headers for mailbox rules and subscription management.
>>> 
>>> 
>>> Gerben Wierda
>>> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
>>> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>>> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
>>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>>> 
>>>> On 16 Sep 2019, at 15:21, Gerben Wierda <gerben.wierda@rna.nl <mailto:gerben.wierda@rna.nl>> wrote:
>>>> 
>>>> The footer that is added to each message in this list is not DKIM (and thus DMARC) compatible. DKIM requires the ability to create a signature on a set of headers and the body. By changing the body, the DKIM signature fails and the resulting messages sent by the mail list may in the future be blocked by  more and more mail servers.
>>>> 
>>>> Gerben Wierda
>>>> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
>>>> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>>>> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
>>>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ

___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : https://bitbucket.org/phg/context-mirror/commits/
wiki     : http://contextgarden.net
___________________________________________________________________________________

Re: This mailing list is not DKIM (DMARC) compatible

[Henning Hraban Ramm]

> Am 2019-09-21 um 18:53 schrieb Henning Hraban Ramm <texml@fiee.net>:
> 
> If we would *not* change the sender address to the list’s, there would be a problem. Namely what you mention, that we would send mails on the sender’s behalf.

Sorry, here I wrote nonsense. We change the sender, of course.
I like to have it this way, but there *is* a problem, and I don’t know enough about mail headers…

Hraban
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : https://bitbucket.org/phg/context-mirror/commits/
wiki     : http://contextgarden.net
___________________________________________________________________________________

Re: This mailing list is not DKIM (DMARC) compatible

[Taco Hoekwater]

> On 16 Sep 2019, at 15:34, Gerben Wierda <Gerben.Wierda@rna.nl> wrote:
> 
> In addition: Lists should keep the From address, the Subject, and the Message totally unchanged. They should add a Sender header to indicate their relay role, and set at least the List-Id and List-Unsubscribe headers for mailbox rules and subscription management.

Well, we leave From alone, add Sender, List-Id, and List-Unsubscribe.

That leaves Subject and Body, but I agree with Hraban in that I like both those features. I could turn
munging on and see what happens?

Taco
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://context.aanhet.net
archive  : https://bitbucket.org/phg/context-mirror/commits/
wiki     : http://contextgarden.net
___________________________________________________________________________________