Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z62ja-0005Bd-NH for bitcoin-development@lists.sourceforge.net; Fri, 19 Jun 2015 20:17:54 +0000 X-ACL-Warn: Received: from mail-qc0-f174.google.com ([209.85.216.174]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z62jZ-0007EX-9r for bitcoin-development@lists.sourceforge.net; Fri, 19 Jun 2015 20:17:54 +0000 Received: by qcbcf1 with SMTP id cf1so14364166qcb.0 for ; Fri, 19 Jun 2015 13:17:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=lJ+1sdXu/Luok8wHXhisuk9IFYUkg2Ti/zyqzis4S64=; b=D7kvhAePwJcq4YiXtnm649FlAIDq5aHHVYujs/+H+3mcFg/ndgr6GCtcfrVekYWKl+ 0PCntw4aORwn7LWIJbS5+i+8BzTWdxAO1WukbuK/CipXJK8Nx0VDMjop6NGqV4ZqfH2S UKcd6xaybRU49hbRys9znNqDdy9O3sKTpM0IFH9gT6GZ9LRAPTUCK+VPXe8BdwInwe4V u/pu/bimsYAzcANDe4eiBe2Yq9TS6Re48WZ0t+n+CMo1Um5eODXOim40CrGqy6V2/xIH V7akaXX45u7B8npSy2M3bTg+Sht8rPB2hMo02Hf2xWLY0Z9GjUGNPOx63W719SOEufC0 eixA== X-Gm-Message-State: ALoCoQnNpeHIScb7t4JNEjwBlSoPn4HqRrBTkA6tUOXs1f+/E4Qz9T36FEzSRXiXOe0u6XBKkAbI MIME-Version: 1.0 X-Received: by 10.140.130.193 with SMTP id 184mr25228755qhc.2.1434743276628; Fri, 19 Jun 2015 12:47:56 -0700 (PDT) Received: by 10.96.154.66 with HTTP; Fri, 19 Jun 2015 12:47:56 -0700 (PDT) In-Reply-To: References: Date: Fri, 19 Jun 2015 15:47:56 -0400 Message-ID: From: Adam Weiss To: "Warren Togami Jr." Content-Type: multipart/alternative; boundary=001a1134f0c85903d30518e433ee X-Spam-Score: 1.0 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1Z62jZ-0007EX-9r Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Mailman incompatibility with DKIM ... X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jun 2015 20:17:54 -0000 --001a1134f0c85903d30518e433ee Content-Type: text/plain; charset=UTF-8 Hi Warren, If you set dmarc_moderation_action to "Munge from", the list will detect when someone posts from a domain that publishes a request for strict signature checking for all mails originating from it (in DNS) and rewrite the envelope-from to the list's address. Reply-to will be added and set to the original sender. I think that this is probably a better way to workaround the issue (rather than playing with getting the list to not break the signature) until these things mature further. Thoughts? --adam On Fri, Jun 19, 2015 at 6:38 AM, Warren Togami Jr. wrote: > On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn wrote: > >> The new list currently has footers removed during testing. I am not >>> pleased with the need to remove the subject tag and footer to be more >>> compatible with DKIM users. >>> >> >> Lists can do what are effectively MITM attacks on people's messages in >> any way they like, if they resign for the messages themselves. That seems >> fair to me! :) >> > > Mailman isn't resigning it. Should it be? Does other mailing list > software? > > >> >> >>> I'm guessing DKIM enforcement is not very common because of issues like >>> this? >>> >> >> DKIM is used by most mail on the internet. DMARC rules that publish in >> DNS statements like "All mail from bitpay.com is signed correctly so >> trash any that isn't" are used on some of the worlds most heavily phished >> domains like google.com, PayPal, eBay, and indeed BitPay. >> >> These rules are understood and enforced by all major webmail providers >> including Gmail. It's actually only rusty geek infrastructure that has >> problems with this, I've never heard of DKIM/DMARC users having issues >> outside of dealing with mailman. The vast majority of email users who never >> post to technical mailing lists benefit from it significantly. >> >> Really everyone should use them. Adding cryptographic integrity to email >> is hardly a crazy idea :) >> > > I understand the reason to protect the "heavily phished" domains. I heard > that LKML does not modify the subject or add a footer, perhaps because it > would make it incompatible with DKIM of the several big corporate domains > who participate. > > I suppose it is somewhat acceptable for us to remove subject tags and > footers if we have no choice... > > Warren > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --001a1134f0c85903d30518e433ee Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Warren,

If you set dmarc_moderation_= action to "Munge from", the list will detect when someone posts f= rom a domain that publishes a request for strict signature checking for all= mails originating from it (in DNS) and rewrite the envelope-from to the li= st's address.=C2=A0 Reply-to will be added and set to the original send= er.

I think that this is probably a better way to = workaround the issue (rather than playing with getting the list to not brea= k the signature) until these things mature further.

Thoughts?

--adam


=C2=A0

On Fri, Jun 19, 2015 at 6:38 AM, Warren Togami Jr. <wtogami@gmai= l.com> wrote:
= On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike@plan99.net> wrote:
The new list currently has footers removed during testing.=C2=A0 I am not= pleased with the need to remove the subject tag and footer to be more comp= atible with DKIM users.

=
Lists can do what are effectively MITM attacks on people's = messages in any way they like, if they resign for the messages themselves. = That seems fair to me! =C2=A0:)
Mailman isn't resigning it.=C2=A0 Should it be?=C2= =A0 Does other mailing list software?=C2=A0
=C2= =A0
=C2=A0
=C2=A0I'm guessing DKIM enforcement is not very c= ommon because of issues like this?

DKIM is used by most mail on the internet. DM= ARC rules that publish in DNS statements like "All mail from bitpay.com is signed correctly= so trash any that isn't" are used on some of the worlds most heav= ily phished domains like go= ogle.com, PayPal, eBay, and indeed BitPay.=C2=A0

These rules are understood and enforced by all major webmail providers i= ncluding Gmail. It's actually only rusty geek infrastructure that has p= roblems with this, I've never heard of DKIM/DMARC users having issues o= utside of dealing with mailman. The vast majority of email users who never = post to technical mailing lists benefit from it significantly.
Really everyone should use them. Adding cryptographic integrit= y to email is hardly a crazy idea :)

I understand the reason to protect the "heavi= ly phished" domains.=C2=A0 I heard that LKML does not modify the subje= ct or add a footer, perhaps because it would make it incompatible with DKIM= of the several big corporate domains who participate.

=
I suppose it is somewhat acceptable for us to remove subject tags and = footers if we have no choice...

Warren
=
-----------------------------------------------------------------------= -------

_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/= listinfo/bitcoin-development


--001a1134f0c85903d30518e433ee--