1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1Z5tSy-0001k4-VQ
for bitcoin-development@lists.sourceforge.net;
Fri, 19 Jun 2015 10:24:08 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.212.179 as permitted sender)
client-ip=209.85.212.179; envelope-from=mh.in.england@gmail.com;
helo=mail-wi0-f179.google.com;
Received: from mail-wi0-f179.google.com ([209.85.212.179])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Z5tSx-0005jF-Tq
for bitcoin-development@lists.sourceforge.net;
Fri, 19 Jun 2015 10:24:08 +0000
Received: by wicnd19 with SMTP id nd19so14671667wic.1
for <bitcoin-development@lists.sourceforge.net>;
Fri, 19 Jun 2015 03:24:02 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.194.59.98 with SMTP id y2mr24650126wjq.42.1434709441957;
Fri, 19 Jun 2015 03:24:01 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.28.14.196 with HTTP; Fri, 19 Jun 2015 03:24:01 -0700 (PDT)
In-Reply-To: <CAEz79Pr4ug8zyJ5bibCG3m0YD8gkBiXysWJsZDThTiwXsgd7YQ@mail.gmail.com>
References: <CAEz79PoDn+-aDkqSfPeQFUjYDEDEhSrJ2mFYcbitHBf4oADBSg@mail.gmail.com>
<CANEZrP3vut8uYWeeynLdwvSM56eXZZdgidaEgcvg1FNMye6P9w@mail.gmail.com>
<CAEz79Pr4ug8zyJ5bibCG3m0YD8gkBiXysWJsZDThTiwXsgd7YQ@mail.gmail.com>
Date: Fri, 19 Jun 2015 12:24:01 +0200
X-Google-Sender-Auth: tpeLRSvcbsqQajVQ0A9KSxAVVtw
Message-ID: <CANEZrP1T3r=VDRBTM_jrm_g0BkQy_NZA40BPcZtVDq_0au6TKw@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: "Warren Togami Jr." <wtogami@gmail.com>
Content-Type: multipart/alternative; boundary=047d7ba978a0a4d5d70518dc5282
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Z5tSx-0005jF-Tq
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Mailman incompatibility with DKIM ...
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2015 10:24:09 -0000
--047d7ba978a0a4d5d70518dc5282
Content-Type: text/plain; charset=UTF-8
>
> The new list currently has footers removed during testing. I am not
> pleased with the need to remove the subject tag and footer to be more
> compatible with DKIM users.
>
Lists can do what are effectively MITM attacks on people's messages in any
way they like, if they resign for the messages themselves. That seems fair
to me! :)
> I'm guessing DKIM enforcement is not very common because of issues like
> this?
>
DKIM is used by most mail on the internet. DMARC rules that publish in DNS
statements like "All mail from bitpay.com is signed correctly so trash any
that isn't" are used on some of the worlds most heavily phished domains
like google.com, PayPal, eBay, and indeed BitPay.
These rules are understood and enforced by all major webmail providers
including Gmail. It's actually only rusty geek infrastructure that has
problems with this, I've never heard of DKIM/DMARC users having issues
outside of dealing with mailman. The vast majority of email users who never
post to technical mailing lists benefit from it significantly.
Really everyone should use them. Adding cryptographic integrity to email is
hardly a crazy idea :)
> It seems that Sourceforge silently drops DKIM enforced mail like jgarzik's.
>
It's not SourceForge, it's your spam filter. His mail gets through to me
but it's all in the spam folder.
--047d7ba978a0a4d5d70518dc5282
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #c=
cc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div=
class=3D"gmail_quote"><div>The new list currently has footers removed duri=
ng testing.=C2=A0 I am not pleased with the need to remove the subject tag =
and footer to be more compatible with DKIM users.</div></div></div></div></=
blockquote><div><br></div><div>Lists can do what are effectively MITM attac=
ks on people's messages in any way they like, if they resign for the me=
ssages themselves. That seems fair to me! =C2=A0:)</div><div>=C2=A0</div><b=
lockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px =
#ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><d=
iv class=3D"gmail_quote"><span class=3D""><div>=C2=A0I'm guessing DKIM =
enforcement is not very common because of issues like this?</div></span></d=
iv></div></div></blockquote><div><br></div><div>DKIM is used by most mail o=
n the internet. DMARC rules that publish in DNS statements like "All m=
ail from <a href=3D"http://bitpay.com">bitpay.com</a> is signed correctly s=
o trash any that isn't" are used on some of the worlds most heavil=
y phished domains like <a href=3D"http://google.com">google.com</a>, PayPal=
, eBay, and indeed BitPay.=C2=A0</div><div><br></div><div>These rules are u=
nderstood and enforced by all major webmail providers including Gmail. It&#=
39;s actually only rusty geek infrastructure that has problems with this, I=
've never heard of DKIM/DMARC users having issues outside of dealing wi=
th mailman. The vast majority of email users who never post to technical ma=
iling lists benefit from it significantly.</div><div><br></div><div>Really =
everyone should use them. Adding cryptographic integrity to email is hardly=
a crazy idea :)</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" st=
yle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div =
dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><div>It s=
eems that Sourceforge silently drops DKIM enforced mail like jgarzik's.=
</div></div></div></div></blockquote><div><br></div><div>It's not Sourc=
eForge, it's your spam filter. His mail gets through to me but it's=
all in the spam folder.</div></div></div></div>
--047d7ba978a0a4d5d70518dc5282--
|