Nobody is unsubscribed

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Nobody is unsubscribed

Raimo Niskanen-4
The reason we changed mailing list servers was to get better DMARC and
DKIM compliance.  This is a test post for us to inspect its headers...
--
Raimo Niskanen
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Andreas Schultz-4
Works on gmail, but produces a SPF error on Yahoo:


Authentication-Results: mta1148.mail.ir2.yahoo.com; 
 dkim=pass (ok) header.i=@gmail.com header.s=20161025;
 spf=permerror smtp.mailfrom=@erlang.org;
 dmarc=pass(p=none sp=quarantine dis=none) header.from=gmail.com;
Received-SPF: permerror (encountered permanent error during SPF processing of domain of erlang.org)

Am Freitag, 25. Oktober 2019, 06:24:16 GMT-7 hat Raimo Niskanen <[hidden email]> Folgendes geschrieben:


The reason we changed mailing list servers was to get better DMARC and
DKIM compliance.  This is a test post for us to inspect its headers...
--
Raimo Niskanen
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Raimo Niskanen-4
In reply to this post by Raimo Niskanen-4
To achieve DMARC compliance we have stopped changing the Subject:
field and no longer add the mailing list footer to the messages.

This is because From: Subject: and mail body among other fields are
often DKIM signed, so if we should change them we would not pass DKIM
signature check and thereby not be DMARC compliant.

Sorry for the inconvenience, we do not make the rules...
/ Raimo Niskanen

On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]> wrote:
>
> The reason we changed mailing list servers was to get better DMARC and
> DKIM compliance.  This is a test post for us to inspect its headers...
> --
> Raimo Niskanen
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Chris Rempel
Not having the subject contain [erlang-questions] or some other obvious indicator is quite unfortunate.  I guess many people were affected by not being DMARC compliant?  It seems to have been working just fine for quite some time... ie it "works for me" as it was.
 
That said, thanks for maintaining the list, and keeping it going.  It is a most useful resource.
 
Chris
 
Sent: Friday, October 25, 2019 at 7:38 AM
From: "Raimo Niskanen" <[hidden email]>
To: [hidden email]
Subject: Re: Nobody is unsubscribed
To achieve DMARC compliance we have stopped changing the Subject:
field and no longer add the mailing list footer to the messages.

This is because From: Subject: and mail body among other fields are
often DKIM signed, so if we should change them we would not pass DKIM
signature check and thereby not be DMARC compliant.

Sorry for the inconvenience, we do not make the rules...
/ Raimo Niskanen

On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]> wrote:
>
> The reason we changed mailing list servers was to get better DMARC and
> DKIM compliance. This is a test post for us to inspect its headers...
> --
> Raimo Niskanen
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Raimo Niskanen-4
It is mainly "the big ones" that have been affected by stricter DMARC policies.

When a subscriber sending from e.g Yahoo gets received by Gmail then Gmail rejects that message since Yahoo's DMARC policy says so (also vice versa). So the list gets a bounce and eventually blocks the Gmail subscriber, if enough in a row happens to send with strict DMARC policies.

So for some it has worked, some gets an annoying list probe every now and then, some do not get many posts, but the final nail in the coffin was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC policy and at the same time told us to get our act together and stop sending "unhygienic e-mail".

All the best
/ Raimo


Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]> skrev:
Not having the subject contain [erlang-questions] or some other obvious indicator is quite unfortunate.  I guess many people were affected by not being DMARC compliant?  It seems to have been working just fine for quite some time... ie it "works for me" as it was.
 
That said, thanks for maintaining the list, and keeping it going.  It is a most useful resource.
 
Chris
 
Sent: Friday, October 25, 2019 at 7:38 AM
From: "Raimo Niskanen" <[hidden email]>
To: [hidden email]
Subject: Re: Nobody is unsubscribed
To achieve DMARC compliance we have stopped changing the Subject:
field and no longer add the mailing list footer to the messages.

This is because From: Subject: and mail body among other fields are
often DKIM signed, so if we should change them we would not pass DKIM
signature check and thereby not be DMARC compliant.

Sorry for the inconvenience, we do not make the rules...
/ Raimo Niskanen

On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]> wrote:
>
> The reason we changed mailing list servers was to get better DMARC and
> DKIM compliance. This is a test post for us to inspect its headers...
> --
> Raimo Niskanen
rtp
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

rtp
In reply to this post by Raimo Niskanen-4
What about using GPG for encrypting and signing E-Mails. A lot of
problems would be solved at once. :-)

Cheerio
Ralf

PS: Sorry, couldn't resist to write this mail.


On 25.10.19 16:38, Raimo Niskanen wrote:

> To achieve DMARC compliance we have stopped changing the Subject:
> field and no longer add the mailing list footer to the messages.
>
> This is because From: Subject: and mail body among other fields are
> often DKIM signed, so if we should change them we would not pass DKIM
> signature check and thereby not be DMARC compliant.
>
> Sorry for the inconvenience, we do not make the rules...
> / Raimo Niskanen
>
> On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]> wrote:
>>
>> The reason we changed mailing list servers was to get better DMARC and
>> DKIM compliance.  This is a test post for us to inspect its headers...
>> --
>> Raimo Niskanen
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Joe Harrison
In reply to this post by Raimo Niskanen-4
Thanks for doing all of this, regardless.

There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
way that doesn't break some client's "From:" field, subject line, or
"Reply:" button in some way, but this seems like the least bad option.

I hope my emails make it through to the list now ^_^

OT: Be careful of organisations' web contact forms which ask for your
email address. Sometimes their web servers generate an email from the
form using your email address as the "From:" address, which will break a
lot of DKIM/DMARC/SPF stuff.
I know of at least one local authority (council) website in the UK which
is guilty of this.

- Joe

On 26/10/2019 07:57, Raimo Niskanen wrote:

> It is mainly "the big ones" that have been affected by stricter DMARC
> policies.
>
> When a subscriber sending from e.g Yahoo gets received by Gmail then
> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> versa). So the list gets a bounce and eventually blocks the Gmail
> subscriber, if enough in a row happens to send with strict DMARC policies.
>
> So for some it has worked, some gets an annoying list probe every now
> and then, some do not get many posts, but the final nail in the coffin
> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> policy and at the same time told us to get our act together and stop
> sending "unhygienic e-mail".
>
> All the best
> / Raimo
>
>
> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> <mailto:[hidden email]>> skrev:
>
>     Not having the subject contain [erlang-questions] or some other
>     obvious indicator is quite unfortunate.  I guess many people were
>     affected by not being DMARC compliant?  It seems to have been
>     working just fine for quite some time... ie it "works for me" as it was.
>      
>     That said, thanks for maintaining the list, and keeping it going. 
>     It is a most useful resource.
>      
>     Chris
>      
>     *Sent:* Friday, October 25, 2019 at 7:38 AM
>     *From:* "Raimo Niskanen" <[hidden email]
>     <mailto:[hidden email]>>
>     *To:* [hidden email] <mailto:[hidden email]>
>     *Subject:* Re: Nobody is unsubscribed
>     To achieve DMARC compliance we have stopped changing the Subject:
>     field and no longer add the mailing list footer to the messages.
>
>     This is because From: Subject: and mail body among other fields are
>     often DKIM signed, so if we should change them we would not pass DKIM
>     signature check and thereby not be DMARC compliant.
>
>     Sorry for the inconvenience, we do not make the rules...
>     / Raimo Niskanen
>
>     On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
>     <mailto:[hidden email]>> wrote:
>     >
>     > The reason we changed mailing list servers was to get better DMARC and
>     > DKIM compliance. This is a test post for us to inspect its headers...
>     > --
>     > Raimo Niskanen
>


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Richard O'Keefe
Does this apply to the EEPS list as well?

On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:

>
> Thanks for doing all of this, regardless.
>
> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> way that doesn't break some client's "From:" field, subject line, or
> "Reply:" button in some way, but this seems like the least bad option.
>
> I hope my emails make it through to the list now ^_^
>
> OT: Be careful of organisations' web contact forms which ask for your
> email address. Sometimes their web servers generate an email from the
> form using your email address as the "From:" address, which will break a
> lot of DKIM/DMARC/SPF stuff.
> I know of at least one local authority (council) website in the UK which
> is guilty of this.
>
> - Joe
>
> On 26/10/2019 07:57, Raimo Niskanen wrote:
> > It is mainly "the big ones" that have been affected by stricter DMARC
> > policies.
> >
> > When a subscriber sending from e.g Yahoo gets received by Gmail then
> > Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> > versa). So the list gets a bounce and eventually blocks the Gmail
> > subscriber, if enough in a row happens to send with strict DMARC policies.
> >
> > So for some it has worked, some gets an annoying list probe every now
> > and then, some do not get many posts, but the final nail in the coffin
> > was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> > policy and at the same time told us to get our act together and stop
> > sending "unhygienic e-mail".
> >
> > All the best
> > / Raimo
> >
> >
> > Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> > <mailto:[hidden email]>> skrev:
> >
> >     Not having the subject contain [erlang-questions] or some other
> >     obvious indicator is quite unfortunate.  I guess many people were
> >     affected by not being DMARC compliant?  It seems to have been
> >     working just fine for quite some time... ie it "works for me" as it was.
> >
> >     That said, thanks for maintaining the list, and keeping it going.
> >     It is a most useful resource.
> >
> >     Chris
> >
> >     *Sent:* Friday, October 25, 2019 at 7:38 AM
> >     *From:* "Raimo Niskanen" <[hidden email]
> >     <mailto:[hidden email]>>
> >     *To:* [hidden email] <mailto:[hidden email]>
> >     *Subject:* Re: Nobody is unsubscribed
> >     To achieve DMARC compliance we have stopped changing the Subject:
> >     field and no longer add the mailing list footer to the messages.
> >
> >     This is because From: Subject: and mail body among other fields are
> >     often DKIM signed, so if we should change them we would not pass DKIM
> >     signature check and thereby not be DMARC compliant.
> >
> >     Sorry for the inconvenience, we do not make the rules...
> >     / Raimo Niskanen
> >
> >     On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
> >     <mailto:[hidden email]>> wrote:
> >     >
> >     > The reason we changed mailing list servers was to get better DMARC and
> >     > DKIM compliance. This is a test post for us to inspect its headers...
> >     > --
> >     > Raimo Niskanen
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Raimo Niskanen-4
Yes it does. It applies to all mailing lists.

Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.

Best regards
/ Raimo Niskanen 

Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
Does this apply to the EEPS list as well?

On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
>
> Thanks for doing all of this, regardless.
>
> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> way that doesn't break some client's "From:" field, subject line, or
> "Reply:" button in some way, but this seems like the least bad option.
>
> I hope my emails make it through to the list now ^_^
>
> OT: Be careful of organisations' web contact forms which ask for your
> email address. Sometimes their web servers generate an email from the
> form using your email address as the "From:" address, which will break a
> lot of DKIM/DMARC/SPF stuff.
> I know of at least one local authority (council) website in the UK which
> is guilty of this.
>
> - Joe
>
> On 26/10/2019 07:57, Raimo Niskanen wrote:
> > It is mainly "the big ones" that have been affected by stricter DMARC
> > policies.
> >
> > When a subscriber sending from e.g Yahoo gets received by Gmail then
> > Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> > versa). So the list gets a bounce and eventually blocks the Gmail
> > subscriber, if enough in a row happens to send with strict DMARC policies.
> >
> > So for some it has worked, some gets an annoying list probe every now
> > and then, some do not get many posts, but the final nail in the coffin
> > was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> > policy and at the same time told us to get our act together and stop
> > sending "unhygienic e-mail".
> >
> > All the best
> > / Raimo
> >
> >
> > Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> > <mailto:[hidden email]>> skrev:
> >
> >     Not having the subject contain [erlang-questions] or some other
> >     obvious indicator is quite unfortunate.  I guess many people were
> >     affected by not being DMARC compliant?  It seems to have been
> >     working just fine for quite some time... ie it "works for me" as it was.
> >
> >     That said, thanks for maintaining the list, and keeping it going.
> >     It is a most useful resource.
> >
> >     Chris
> >
> >     *Sent:* Friday, October 25, 2019 at 7:38 AM
> >     *From:* "Raimo Niskanen" <[hidden email]
> >     <mailto:[hidden email]>>
> >     *To:* [hidden email] <mailto:[hidden email]>
> >     *Subject:* Re: Nobody is unsubscribed
> >     To achieve DMARC compliance we have stopped changing the Subject:
> >     field and no longer add the mailing list footer to the messages.
> >
> >     This is because From: Subject: and mail body among other fields are
> >     often DKIM signed, so if we should change them we would not pass DKIM
> >     signature check and thereby not be DMARC compliant.
> >
> >     Sorry for the inconvenience, we do not make the rules...
> >     / Raimo Niskanen
> >
> >     On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
> >     <mailto:[hidden email]>> wrote:
> >     >
> >     > The reason we changed mailing list servers was to get better DMARC and
> >     > DKIM compliance. This is a test post for us to inspect its headers...
> >     > --
> >     > Raimo Niskanen
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Adam Lindberg-7
Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?

Cheers,
Adam

> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
>
> Yes it does. It applies to all mailing lists.
>
> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
>
> Best regards
> / Raimo Niskanen
>
> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
> Does this apply to the EEPS list as well?
>
> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
> >
> > Thanks for doing all of this, regardless.
> >
> > There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> > way that doesn't break some client's "From:" field, subject line, or
> > "Reply:" button in some way, but this seems like the least bad option.
> >
> > I hope my emails make it through to the list now ^_^
> >
> > OT: Be careful of organisations' web contact forms which ask for your
> > email address. Sometimes their web servers generate an email from the
> > form using your email address as the "From:" address, which will break a
> > lot of DKIM/DMARC/SPF stuff.
> > I know of at least one local authority (council) website in the UK which
> > is guilty of this.
> >
> > - Joe
> >
> > On 26/10/2019 07:57, Raimo Niskanen wrote:
> > > It is mainly "the big ones" that have been affected by stricter DMARC
> > > policies.
> > >
> > > When a subscriber sending from e.g Yahoo gets received by Gmail then
> > > Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> > > versa). So the list gets a bounce and eventually blocks the Gmail
> > > subscriber, if enough in a row happens to send with strict DMARC policies.
> > >
> > > So for some it has worked, some gets an annoying list probe every now
> > > and then, some do not get many posts, but the final nail in the coffin
> > > was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> > > policy and at the same time told us to get our act together and stop
> > > sending "unhygienic e-mail".
> > >
> > > All the best
> > > / Raimo
> > >
> > >
> > > Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> > > <mailto:[hidden email]>> skrev:
> > >
> > >     Not having the subject contain [erlang-questions] or some other
> > >     obvious indicator is quite unfortunate.  I guess many people were
> > >     affected by not being DMARC compliant?  It seems to have been
> > >     working just fine for quite some time... ie it "works for me" as it was.
> > >
> > >     That said, thanks for maintaining the list, and keeping it going.
> > >     It is a most useful resource.
> > >
> > >     Chris
> > >
> > >     *Sent:* Friday, October 25, 2019 at 7:38 AM
> > >     *From:* "Raimo Niskanen" <[hidden email]
> > >     <mailto:[hidden email]>>
> > >     *To:* [hidden email] <mailto:[hidden email]>
> > >     *Subject:* Re: Nobody is unsubscribed
> > >     To achieve DMARC compliance we have stopped changing the Subject:
> > >     field and no longer add the mailing list footer to the messages.
> > >
> > >     This is because From: Subject: and mail body among other fields are
> > >     often DKIM signed, so if we should change them we would not pass DKIM
> > >     signature check and thereby not be DMARC compliant.
> > >
> > >     Sorry for the inconvenience, we do not make the rules...
> > >     / Raimo Niskanen
> > >
> > >     On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
> > >     <mailto:[hidden email]>> wrote:
> > >     >
> > >     > The reason we changed mailing list servers was to get better DMARC and
> > >     > DKIM compliance. This is a test post for us to inspect its headers...
> > >     > --
> > >     > Raimo Niskanen
> > >
> >

Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Raimo Niskanen-11
On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?

HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
The recent web server upgrade enabled it for erlang.org as well;
we are working on it...

Best regards
/ Raimo


>
> Cheers,
> Adam
>
> > On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
> >
> > Yes it does. It applies to all mailing lists.
> >
> > Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
> >
> > Best regards
> > / Raimo Niskanen
> >
> > Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
> > Does this apply to the EEPS list as well?
> >
> > On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
> > >
> > > Thanks for doing all of this, regardless.
> > >
> > > There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> > > way that doesn't break some client's "From:" field, subject line, or
> > > "Reply:" button in some way, but this seems like the least bad option.
> > >
> > > I hope my emails make it through to the list now ^_^
> > >
> > > OT: Be careful of organisations' web contact forms which ask for your
> > > email address. Sometimes their web servers generate an email from the
> > > form using your email address as the "From:" address, which will break a
> > > lot of DKIM/DMARC/SPF stuff.
> > > I know of at least one local authority (council) website in the UK which
> > > is guilty of this.
> > >
> > > - Joe
> > >
> > > On 26/10/2019 07:57, Raimo Niskanen wrote:
> > > > It is mainly "the big ones" that have been affected by stricter DMARC
> > > > policies.
> > > >
> > > > When a subscriber sending from e.g Yahoo gets received by Gmail then
> > > > Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> > > > versa). So the list gets a bounce and eventually blocks the Gmail
> > > > subscriber, if enough in a row happens to send with strict DMARC policies.
> > > >
> > > > So for some it has worked, some gets an annoying list probe every now
> > > > and then, some do not get many posts, but the final nail in the coffin
> > > > was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> > > > policy and at the same time told us to get our act together and stop
> > > > sending "unhygienic e-mail".
> > > >
> > > > All the best
> > > > / Raimo
> > > >
> > > >
> > > > Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> > > > <mailto:[hidden email]>> skrev:
> > > >
> > > >     Not having the subject contain [erlang-questions] or some other
> > > >     obvious indicator is quite unfortunate.  I guess many people were
> > > >     affected by not being DMARC compliant?  It seems to have been
> > > >     working just fine for quite some time... ie it "works for me" as it was.
> > > >
> > > >     That said, thanks for maintaining the list, and keeping it going.
> > > >     It is a most useful resource.
> > > >
> > > >     Chris
> > > >
> > > >     *Sent:* Friday, October 25, 2019 at 7:38 AM
> > > >     *From:* "Raimo Niskanen" <[hidden email]
> > > >     <mailto:[hidden email]>>
> > > >     *To:* [hidden email] <mailto:[hidden email]>
> > > >     *Subject:* Re: Nobody is unsubscribed
> > > >     To achieve DMARC compliance we have stopped changing the Subject:
> > > >     field and no longer add the mailing list footer to the messages.
> > > >
> > > >     This is because From: Subject: and mail body among other fields are
> > > >     often DKIM signed, so if we should change them we would not pass DKIM
> > > >     signature check and thereby not be DMARC compliant.
> > > >
> > > >     Sorry for the inconvenience, we do not make the rules...
> > > >     / Raimo Niskanen
> > > >
> > > >     On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
> > > >     <mailto:[hidden email]>> wrote:
> > > >     >
> > > >     > The reason we changed mailing list servers was to get better DMARC and
> > > >     > DKIM compliance. This is a test post for us to inspect its headers...
> > > >     > --
> > > >     > Raimo Niskanen
> > > >
> > >
>

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Loïc Hoguin-3
For erlang.org itself there's two problems currently: no automatic
redirection from http to https;

And this:

Your connection is not private
This server could not prove that it is erlang.org; its security
certificate is from www2.erlang.org. This may be caused by a
misconfiguration or an attacker intercepting your connection.

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: www2.erlang.org

Issuer: DigiCert SHA2 Secure Server CA

Expires on: Oct 22, 2021

Current date: Nov 4, 2019

Keep up the good work.

On 04/11/2019 11:34, Raimo Niskanen wrote:

> On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
>> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
>
> HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
> The recent web server upgrade enabled it for erlang.org as well;
> we are working on it...
>
> Best regards
> / Raimo
>
>
>>
>> Cheers,
>> Adam
>>
>>> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
>>>
>>> Yes it does. It applies to all mailing lists.
>>>
>>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
>>>
>>> Best regards
>>> / Raimo Niskanen
>>>
>>> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
>>> Does this apply to the EEPS list as well?
>>>
>>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
>>>>
>>>> Thanks for doing all of this, regardless.
>>>>
>>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
>>>> way that doesn't break some client's "From:" field, subject line, or
>>>> "Reply:" button in some way, but this seems like the least bad option.
>>>>
>>>> I hope my emails make it through to the list now ^_^
>>>>
>>>> OT: Be careful of organisations' web contact forms which ask for your
>>>> email address. Sometimes their web servers generate an email from the
>>>> form using your email address as the "From:" address, which will break a
>>>> lot of DKIM/DMARC/SPF stuff.
>>>> I know of at least one local authority (council) website in the UK which
>>>> is guilty of this.
>>>>
>>>> - Joe
>>>>
>>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
>>>>> It is mainly "the big ones" that have been affected by stricter DMARC
>>>>> policies.
>>>>>
>>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
>>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
>>>>> versa). So the list gets a bounce and eventually blocks the Gmail
>>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
>>>>>
>>>>> So for some it has worked, some gets an annoying list probe every now
>>>>> and then, some do not get many posts, but the final nail in the coffin
>>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
>>>>> policy and at the same time told us to get our act together and stop
>>>>> sending "unhygienic e-mail".
>>>>>
>>>>> All the best
>>>>> / Raimo
>>>>>
>>>>>
>>>>> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
>>>>> <mailto:[hidden email]>> skrev:
>>>>>
>>>>>      Not having the subject contain [erlang-questions] or some other
>>>>>      obvious indicator is quite unfortunate.  I guess many people were
>>>>>      affected by not being DMARC compliant?  It seems to have been
>>>>>      working just fine for quite some time... ie it "works for me" as it was.
>>>>>
>>>>>      That said, thanks for maintaining the list, and keeping it going.
>>>>>      It is a most useful resource.
>>>>>
>>>>>      Chris
>>>>>
>>>>>      *Sent:* Friday, October 25, 2019 at 7:38 AM
>>>>>      *From:* "Raimo Niskanen" <[hidden email]
>>>>>      <mailto:[hidden email]>>
>>>>>      *To:* [hidden email] <mailto:[hidden email]>
>>>>>      *Subject:* Re: Nobody is unsubscribed
>>>>>      To achieve DMARC compliance we have stopped changing the Subject:
>>>>>      field and no longer add the mailing list footer to the messages.
>>>>>
>>>>>      This is because From: Subject: and mail body among other fields are
>>>>>      often DKIM signed, so if we should change them we would not pass DKIM
>>>>>      signature check and thereby not be DMARC compliant.
>>>>>
>>>>>      Sorry for the inconvenience, we do not make the rules...
>>>>>      / Raimo Niskanen
>>>>>
>>>>>      On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
>>>>>      <mailto:[hidden email]>> wrote:
>>>>>      >
>>>>>      > The reason we changed mailing list servers was to get better DMARC and
>>>>>      > DKIM compliance. This is a test post for us to inspect its headers...
>>>>>      > --
>>>>>      > Raimo Niskanen
>>>>>
>>>>
>>
>

--
Loïc Hoguin
https://ninenines.eu
by
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

by
Exactly!

For mailing list web page, I can visit http and https via below links respectively:



Yao

在 2019年11月4日,18:53,Loïc Hoguin <[hidden email]> 写道:

For erlang.org itself there's two problems currently: no automatic redirection from http to https;

And this:

Your connection is not private
This server could not prove that it is erlang.org; its security certificate is from www2.erlang.org. This may be caused by a misconfiguration or an attacker intercepting your connection.

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: www2.erlang.org

Issuer: DigiCert SHA2 Secure Server CA

Expires on: Oct 22, 2021

Current date: Nov 4, 2019

Keep up the good work.

On 04/11/2019 11:34, Raimo Niskanen wrote:
On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
The recent web server upgrade enabled it for erlang.org as well;
we are working on it...
Best regards
/ Raimo

Cheers,
Adam

On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:

Yes it does. It applies to all mailing lists.

Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.

Best regards
/ Raimo Niskanen

Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
Does this apply to the EEPS list as well?

On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:

Thanks for doing all of this, regardless.

There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
way that doesn't break some client's "From:" field, subject line, or
"Reply:" button in some way, but this seems like the least bad option.

I hope my emails make it through to the list now ^_^

OT: Be careful of organisations' web contact forms which ask for your
email address. Sometimes their web servers generate an email from the
form using your email address as the "From:" address, which will break a
lot of DKIM/DMARC/SPF stuff.
I know of at least one local authority (council) website in the UK which
is guilty of this.

- Joe

On 26/10/2019 07:57, Raimo Niskanen wrote:
It is mainly "the big ones" that have been affected by stricter DMARC
policies.

When a subscriber sending from e.g Yahoo gets received by Gmail then
Gmail rejects that message since Yahoo's DMARC policy says so (also vice
versa). So the list gets a bounce and eventually blocks the Gmail
subscriber, if enough in a row happens to send with strict DMARC policies.

So for some it has worked, some gets an annoying list probe every now
and then, some do not get many posts, but the final nail in the coffin
was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
policy and at the same time told us to get our act together and stop
sending "unhygienic e-mail".

All the best
/ Raimo


Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
<mailto:[hidden email]>> skrev:

    Not having the subject contain [erlang-questions] or some other
    obvious indicator is quite unfortunate.  I guess many people were
    affected by not being DMARC compliant?  It seems to have been
    working just fine for quite some time... ie it "works for me" as it was.

    That said, thanks for maintaining the list, and keeping it going.
    It is a most useful resource.

    Chris

    *Sent:* Friday, October 25, 2019 at 7:38 AM
    *From:* "Raimo Niskanen" <[hidden email]
    <mailto:[hidden email]>>
    *To:* [hidden email] <mailto:[hidden email]>
    *Subject:* Re: Nobody is unsubscribed
    To achieve DMARC compliance we have stopped changing the Subject:
    field and no longer add the mailing list footer to the messages.

    This is because From: Subject: and mail body among other fields are
    often DKIM signed, so if we should change them we would not pass DKIM
    signature check and thereby not be DMARC compliant.

    Sorry for the inconvenience, we do not make the rules...
    / Raimo Niskanen

    On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
    <mailto:[hidden email]>> wrote:
    >
    > The reason we changed mailing list servers was to get better DMARC and
    > DKIM compliance. This is a test post for us to inspect its headers...
    > --
    > Raimo Niskanen




--
Loïc Hoguin
https://ninenines.eu
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Raimo Niskanen-11
In reply to this post by Loïc Hoguin-3
On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
> For erlang.org itself there's two problems currently: no automatic
> redirection from http to https;

That seems to be the industry standard now, but I would like content to be
accessible without having to use https.

The redirect for http://erlang.org and https://erlang.org goes to
$scheme://www.erlang.org, which redirects to https://www.erlang.org.

Unfortunately the redirects back from e.g https://www.erlang.org/doc
changes to http://erlang.org/doc because https for erlang.org did not work
until 10 minutes ago.

Would it be sufficient to make those redirects from www.erlang.org to
erlang.org not change from https to http?

That, and the answer 20 lines down...?

>
> And this:
>
> Your connection is not private
> This server could not prove that it is erlang.org; its security
> certificate is from www2.erlang.org. This may be caused by a
> misconfiguration or an attacker intercepting your connection.
>
> NET::ERR_CERT_COMMON_NAME_INVALID
> Subject: www2.erlang.org
>
> Issuer: DigiCert SHA2 Secure Server CA
>
> Expires on: Oct 22, 2021
>
> Current date: Nov 4, 2019

A new certificate is in place, so this should be fixed.

/ Raimo


>
> Keep up the good work.
>
> On 04/11/2019 11:34, Raimo Niskanen wrote:
> > On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
> >> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
> >
> > HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
> > The recent web server upgrade enabled it for erlang.org as well;
> > we are working on it...
> >
> > Best regards
> > / Raimo
> >
> >
> >>
> >> Cheers,
> >> Adam
> >>
> >>> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
> >>>
> >>> Yes it does. It applies to all mailing lists.
> >>>
> >>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
> >>>
> >>> Best regards
> >>> / Raimo Niskanen
> >>>
> >>> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
> >>> Does this apply to the EEPS list as well?
> >>>
> >>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
> >>>>
> >>>> Thanks for doing all of this, regardless.
> >>>>
> >>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> >>>> way that doesn't break some client's "From:" field, subject line, or
> >>>> "Reply:" button in some way, but this seems like the least bad option.
> >>>>
> >>>> I hope my emails make it through to the list now ^_^
> >>>>
> >>>> OT: Be careful of organisations' web contact forms which ask for your
> >>>> email address. Sometimes their web servers generate an email from the
> >>>> form using your email address as the "From:" address, which will break a
> >>>> lot of DKIM/DMARC/SPF stuff.
> >>>> I know of at least one local authority (council) website in the UK which
> >>>> is guilty of this.
> >>>>
> >>>> - Joe
> >>>>
> >>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
> >>>>> It is mainly "the big ones" that have been affected by stricter DMARC
> >>>>> policies.
> >>>>>
> >>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
> >>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> >>>>> versa). So the list gets a bounce and eventually blocks the Gmail
> >>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
> >>>>>
> >>>>> So for some it has worked, some gets an annoying list probe every now
> >>>>> and then, some do not get many posts, but the final nail in the coffin
> >>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> >>>>> policy and at the same time told us to get our act together and stop
> >>>>> sending "unhygienic e-mail".
> >>>>>
> >>>>> All the best
> >>>>> / Raimo
> >>>>>
> >>>>>
> >>>>> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> >>>>> <mailto:[hidden email]>> skrev:
> >>>>>
> >>>>>      Not having the subject contain [erlang-questions] or some other
> >>>>>      obvious indicator is quite unfortunate.  I guess many people were
> >>>>>      affected by not being DMARC compliant?  It seems to have been
> >>>>>      working just fine for quite some time... ie it "works for me" as it was.
> >>>>>
> >>>>>      That said, thanks for maintaining the list, and keeping it going.
> >>>>>      It is a most useful resource.
> >>>>>
> >>>>>      Chris
> >>>>>
> >>>>>      *Sent:* Friday, October 25, 2019 at 7:38 AM
> >>>>>      *From:* "Raimo Niskanen" <[hidden email]
> >>>>>      <mailto:[hidden email]>>
> >>>>>      *To:* [hidden email] <mailto:[hidden email]>
> >>>>>      *Subject:* Re: Nobody is unsubscribed
> >>>>>      To achieve DMARC compliance we have stopped changing the Subject:
> >>>>>      field and no longer add the mailing list footer to the messages.
> >>>>>
> >>>>>      This is because From: Subject: and mail body among other fields are
> >>>>>      often DKIM signed, so if we should change them we would not pass DKIM
> >>>>>      signature check and thereby not be DMARC compliant.
> >>>>>
> >>>>>      Sorry for the inconvenience, we do not make the rules...
> >>>>>      / Raimo Niskanen
> >>>>>
> >>>>>      On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
> >>>>>      <mailto:[hidden email]>> wrote:
> >>>>>      >
> >>>>>      > The reason we changed mailing list servers was to get better DMARC and
> >>>>>      > DKIM compliance. This is a test post for us to inspect its headers...
> >>>>>      > --
> >>>>>      > Raimo Niskanen
> >>>>>
> >>>>
> >>
> >
>
> --
> Loïc Hoguin
> https://ninenines.eu

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Adam Lindberg-7
Have to admit I only tried typing https://erlang.org and noticed the errors.

Cheers,
Adam

> On 4. Nov 2019, at 13:44, Raimo Niskanen <[hidden email]> wrote:
>
> On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
>> For erlang.org itself there's two problems currently: no automatic
>> redirection from http to https;
>
> That seems to be the industry standard now, but I would like content to be
> accessible without having to use https.
>
> The redirect for http://erlang.org and https://erlang.org goes to
> $scheme://www.erlang.org, which redirects to https://www.erlang.org.
>
> Unfortunately the redirects back from e.g https://www.erlang.org/doc
> changes to http://erlang.org/doc because https for erlang.org did not work
> until 10 minutes ago.
>
> Would it be sufficient to make those redirects from www.erlang.org to
> erlang.org not change from https to http?
>
> That, and the answer 20 lines down...?
>
>>
>> And this:
>>
>> Your connection is not private
>> This server could not prove that it is erlang.org; its security
>> certificate is from www2.erlang.org. This may be caused by a
>> misconfiguration or an attacker intercepting your connection.
>>
>> NET::ERR_CERT_COMMON_NAME_INVALID
>> Subject: www2.erlang.org
>>
>> Issuer: DigiCert SHA2 Secure Server CA
>>
>> Expires on: Oct 22, 2021
>>
>> Current date: Nov 4, 2019
>
> A new certificate is in place, so this should be fixed.
>
> / Raimo
>
>
>>
>> Keep up the good work.
>>
>> On 04/11/2019 11:34, Raimo Niskanen wrote:
>>> On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
>>>> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
>>>
>>> HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
>>> The recent web server upgrade enabled it for erlang.org as well;
>>> we are working on it...
>>>
>>> Best regards
>>> / Raimo
>>>
>>>
>>>>
>>>> Cheers,
>>>> Adam
>>>>
>>>>> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
>>>>>
>>>>> Yes it does. It applies to all mailing lists.
>>>>>
>>>>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
>>>>>
>>>>> Best regards
>>>>> / Raimo Niskanen
>>>>>
>>>>> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
>>>>> Does this apply to the EEPS list as well?
>>>>>
>>>>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
>>>>>>
>>>>>> Thanks for doing all of this, regardless.
>>>>>>
>>>>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
>>>>>> way that doesn't break some client's "From:" field, subject line, or
>>>>>> "Reply:" button in some way, but this seems like the least bad option.
>>>>>>
>>>>>> I hope my emails make it through to the list now ^_^
>>>>>>
>>>>>> OT: Be careful of organisations' web contact forms which ask for your
>>>>>> email address. Sometimes their web servers generate an email from the
>>>>>> form using your email address as the "From:" address, which will break a
>>>>>> lot of DKIM/DMARC/SPF stuff.
>>>>>> I know of at least one local authority (council) website in the UK which
>>>>>> is guilty of this.
>>>>>>
>>>>>> - Joe
>>>>>>
>>>>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
>>>>>>> It is mainly "the big ones" that have been affected by stricter DMARC
>>>>>>> policies.
>>>>>>>
>>>>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
>>>>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
>>>>>>> versa). So the list gets a bounce and eventually blocks the Gmail
>>>>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
>>>>>>>
>>>>>>> So for some it has worked, some gets an annoying list probe every now
>>>>>>> and then, some do not get many posts, but the final nail in the coffin
>>>>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
>>>>>>> policy and at the same time told us to get our act together and stop
>>>>>>> sending "unhygienic e-mail".
>>>>>>>
>>>>>>> All the best
>>>>>>> / Raimo
>>>>>>>
>>>>>>>
>>>>>>> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
>>>>>>> <mailto:[hidden email]>> skrev:
>>>>>>>
>>>>>>>     Not having the subject contain [erlang-questions] or some other
>>>>>>>     obvious indicator is quite unfortunate.  I guess many people were
>>>>>>>     affected by not being DMARC compliant?  It seems to have been
>>>>>>>     working just fine for quite some time... ie it "works for me" as it was.
>>>>>>>
>>>>>>>     That said, thanks for maintaining the list, and keeping it going.
>>>>>>>     It is a most useful resource.
>>>>>>>
>>>>>>>     Chris
>>>>>>>
>>>>>>>     *Sent:* Friday, October 25, 2019 at 7:38 AM
>>>>>>>     *From:* "Raimo Niskanen" <[hidden email]
>>>>>>>     <mailto:[hidden email]>>
>>>>>>>     *To:* [hidden email] <mailto:[hidden email]>
>>>>>>>     *Subject:* Re: Nobody is unsubscribed
>>>>>>>     To achieve DMARC compliance we have stopped changing the Subject:
>>>>>>>     field and no longer add the mailing list footer to the messages.
>>>>>>>
>>>>>>>     This is because From: Subject: and mail body among other fields are
>>>>>>>     often DKIM signed, so if we should change them we would not pass DKIM
>>>>>>>     signature check and thereby not be DMARC compliant.
>>>>>>>
>>>>>>>     Sorry for the inconvenience, we do not make the rules...
>>>>>>>     / Raimo Niskanen
>>>>>>>
>>>>>>>     On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
>>>>>>>     <mailto:[hidden email]>> wrote:
>>>>>>>>
>>>>>>>> The reason we changed mailing list servers was to get better DMARC and
>>>>>>>> DKIM compliance. This is a test post for us to inspect its headers...
>>>>>>>> --
>>>>>>>> Raimo Niskanen
>>>>>>>
>>>>>>
>>>>
>>>
>>
>> --
>> Loïc Hoguin
>> https://ninenines.eu
>
> --
>
> / Raimo Niskanen, Erlang/OTP, Ericsson AB

Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Loïc Hoguin-3
In reply to this post by Raimo Niskanen-11
On 04/11/2019 13:44, Raimo Niskanen wrote:
> On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
>> For erlang.org itself there's two problems currently: no automatic
>> redirection from http to https;
>
> That seems to be the industry standard now, but I would like content to be
> accessible without having to use https.

Redirection is generally not great because you get redirected every time
you go through via http. There's HSTS that gets us one step further by
telling browsers to remember they have to use HTTPS instead of HTTP, so
the initial HTTP call isn't made.

> The redirect for http://erlang.org and https://erlang.org goes to
> $scheme://www.erlang.org, which redirects to https://www.erlang.org.
>
> Unfortunately the redirects back from e.g https://www.erlang.org/doc
> changes to http://erlang.org/doc because https for erlang.org did not work
> until 10 minutes ago.

And redirection tends to lead to this issues.

> Would it be sufficient to make those redirects from www.erlang.org to
> erlang.org not change from https to http?

You definitely shouldn't downgrade if possible. I am wondering however
if you want to leave *browsers* able to access the site via plain HTTP,
or clients in general (including things like curl for example). A policy
like HSTS is only used by clients that understand it (so mostly
browsers) so maybe this is what you want to setup. Browsers would always
go through HTTPS; other clients would be able to use both HTTP and HTTPS.

Cheers,

> That, and the answer 20 lines down...?
>
>>
>> And this:
>>
>> Your connection is not private
>> This server could not prove that it is erlang.org; its security
>> certificate is from www2.erlang.org. This may be caused by a
>> misconfiguration or an attacker intercepting your connection.
>>
>> NET::ERR_CERT_COMMON_NAME_INVALID
>> Subject: www2.erlang.org
>>
>> Issuer: DigiCert SHA2 Secure Server CA
>>
>> Expires on: Oct 22, 2021
>>
>> Current date: Nov 4, 2019
>
> A new certificate is in place, so this should be fixed.
>
> / Raimo
>
>
>>
>> Keep up the good work.
>>
>> On 04/11/2019 11:34, Raimo Niskanen wrote:
>>> On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
>>>> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
>>>
>>> HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
>>> The recent web server upgrade enabled it for erlang.org as well;
>>> we are working on it...
>>>
>>> Best regards
>>> / Raimo
>>>
>>>
>>>>
>>>> Cheers,
>>>> Adam
>>>>
>>>>> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
>>>>>
>>>>> Yes it does. It applies to all mailing lists.
>>>>>
>>>>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
>>>>>
>>>>> Best regards
>>>>> / Raimo Niskanen
>>>>>
>>>>> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
>>>>> Does this apply to the EEPS list as well?
>>>>>
>>>>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
>>>>>>
>>>>>> Thanks for doing all of this, regardless.
>>>>>>
>>>>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
>>>>>> way that doesn't break some client's "From:" field, subject line, or
>>>>>> "Reply:" button in some way, but this seems like the least bad option.
>>>>>>
>>>>>> I hope my emails make it through to the list now ^_^
>>>>>>
>>>>>> OT: Be careful of organisations' web contact forms which ask for your
>>>>>> email address. Sometimes their web servers generate an email from the
>>>>>> form using your email address as the "From:" address, which will break a
>>>>>> lot of DKIM/DMARC/SPF stuff.
>>>>>> I know of at least one local authority (council) website in the UK which
>>>>>> is guilty of this.
>>>>>>
>>>>>> - Joe
>>>>>>
>>>>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
>>>>>>> It is mainly "the big ones" that have been affected by stricter DMARC
>>>>>>> policies.
>>>>>>>
>>>>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
>>>>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
>>>>>>> versa). So the list gets a bounce and eventually blocks the Gmail
>>>>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
>>>>>>>
>>>>>>> So for some it has worked, some gets an annoying list probe every now
>>>>>>> and then, some do not get many posts, but the final nail in the coffin
>>>>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
>>>>>>> policy and at the same time told us to get our act together and stop
>>>>>>> sending "unhygienic e-mail".
>>>>>>>
>>>>>>> All the best
>>>>>>> / Raimo
>>>>>>>
>>>>>>>
>>>>>>> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
>>>>>>> <mailto:[hidden email]>> skrev:
>>>>>>>
>>>>>>>       Not having the subject contain [erlang-questions] or some other
>>>>>>>       obvious indicator is quite unfortunate.  I guess many people were
>>>>>>>       affected by not being DMARC compliant?  It seems to have been
>>>>>>>       working just fine for quite some time... ie it "works for me" as it was.
>>>>>>>
>>>>>>>       That said, thanks for maintaining the list, and keeping it going.
>>>>>>>       It is a most useful resource.
>>>>>>>
>>>>>>>       Chris
>>>>>>>
>>>>>>>       *Sent:* Friday, October 25, 2019 at 7:38 AM
>>>>>>>       *From:* "Raimo Niskanen" <[hidden email]
>>>>>>>       <mailto:[hidden email]>>
>>>>>>>       *To:* [hidden email] <mailto:[hidden email]>
>>>>>>>       *Subject:* Re: Nobody is unsubscribed
>>>>>>>       To achieve DMARC compliance we have stopped changing the Subject:
>>>>>>>       field and no longer add the mailing list footer to the messages.
>>>>>>>
>>>>>>>       This is because From: Subject: and mail body among other fields are
>>>>>>>       often DKIM signed, so if we should change them we would not pass DKIM
>>>>>>>       signature check and thereby not be DMARC compliant.
>>>>>>>
>>>>>>>       Sorry for the inconvenience, we do not make the rules...
>>>>>>>       / Raimo Niskanen
>>>>>>>
>>>>>>>       On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
>>>>>>>       <mailto:[hidden email]>> wrote:
>>>>>>>       >
>>>>>>>       > The reason we changed mailing list servers was to get better DMARC and
>>>>>>>       > DKIM compliance. This is a test post for us to inspect its headers...
>>>>>>>       > --
>>>>>>>       > Raimo Niskanen
>>>>>>>
>>>>>>
>>>>
>>>
>>
>> --
>> Loïc Hoguin
>> https://ninenines.eu
>

--
Loïc Hoguin
https://ninenines.eu
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Mark Reynolds
Using HSTS without a http to https redirection is against the RFC (6797):

>If an HSTS Host receives an HTTP request message over a non-secure transport, it SHOULD send an HTTP response message containing a status code indicating a permanent redirect, such as status code 301

Also, it's a requirement for inculsion into the HSTS preload list:

>    In order to be accepted to the HSTS preload list through this form, your site must satisfy the following set of requirements:
[…]
>    2- Redirect from HTTP to HTTPS on the same host, if you are listening on port 80.

On Mon, Nov 4, 2019, at 17:30, Loïc Hoguin wrote:

> On 04/11/2019 13:44, Raimo Niskanen wrote:
> > On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
> >> For erlang.org itself there's two problems currently: no automatic
> >> redirection from http to https;
> >
> > That seems to be the industry standard now, but I would like content to be
> > accessible without having to use https.
>
> Redirection is generally not great because you get redirected every time
> you go through via http. There's HSTS that gets us one step further by
> telling browsers to remember they have to use HTTPS instead of HTTP, so
> the initial HTTP call isn't made.
>
> > The redirect for http://erlang.org and https://erlang.org goes to
> > $scheme://www.erlang.org, which redirects to https://www.erlang.org.
> >
> > Unfortunately the redirects back from e.g https://www.erlang.org/doc
> > changes to http://erlang.org/doc because https for erlang.org did not work
> > until 10 minutes ago.
>
> And redirection tends to lead to this issues.
>
> > Would it be sufficient to make those redirects from www.erlang.org to
> > erlang.org not change from https to http?
>
> You definitely shouldn't downgrade if possible. I am wondering however
> if you want to leave *browsers* able to access the site via plain HTTP,
> or clients in general (including things like curl for example). A policy
> like HSTS is only used by clients that understand it (so mostly
> browsers) so maybe this is what you want to setup. Browsers would always
> go through HTTPS; other clients would be able to use both HTTP and HTTPS.
>
> Cheers,
>
> > That, and the answer 20 lines down...?
> >
> >>
> >> And this:
> >>
> >> Your connection is not private
> >> This server could not prove that it is erlang.org; its security
> >> certificate is from www2.erlang.org. This may be caused by a
> >> misconfiguration or an attacker intercepting your connection.
> >>
> >> NET::ERR_CERT_COMMON_NAME_INVALID
> >> Subject: www2.erlang.org
> >>
> >> Issuer: DigiCert SHA2 Secure Server CA
> >>
> >> Expires on: Oct 22, 2021
> >>
> >> Current date: Nov 4, 2019
> >
> > A new certificate is in place, so this should be fixed.
> >
> > / Raimo
> >
> >
> >>
> >> Keep up the good work.
> >>
> >> On 04/11/2019 11:34, Raimo Niskanen wrote:
> >>> On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
> >>>> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
> >>>
> >>> HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
> >>> The recent web server upgrade enabled it for erlang.org as well;
> >>> we are working on it...
> >>>
> >>> Best regards
> >>> / Raimo
> >>>
> >>>
> >>>>
> >>>> Cheers,
> >>>> Adam
> >>>>
> >>>>> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
> >>>>>
> >>>>> Yes it does. It applies to all mailing lists.
> >>>>>
> >>>>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
> >>>>>
> >>>>> Best regards
> >>>>> / Raimo Niskanen
> >>>>>
> >>>>> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
> >>>>> Does this apply to the EEPS list as well?
> >>>>>
> >>>>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
> >>>>>>
> >>>>>> Thanks for doing all of this, regardless.
> >>>>>>
> >>>>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> >>>>>> way that doesn't break some client's "From:" field, subject line, or
> >>>>>> "Reply:" button in some way, but this seems like the least bad option.
> >>>>>>
> >>>>>> I hope my emails make it through to the list now ^_^
> >>>>>>
> >>>>>> OT: Be careful of organisations' web contact forms which ask for your
> >>>>>> email address. Sometimes their web servers generate an email from the
> >>>>>> form using your email address as the "From:" address, which will break a
> >>>>>> lot of DKIM/DMARC/SPF stuff.
> >>>>>> I know of at least one local authority (council) website in the UK which
> >>>>>> is guilty of this.
> >>>>>>
> >>>>>> - Joe
> >>>>>>
> >>>>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
> >>>>>>> It is mainly "the big ones" that have been affected by stricter DMARC
> >>>>>>> policies.
> >>>>>>>
> >>>>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
> >>>>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> >>>>>>> versa). So the list gets a bounce and eventually blocks the Gmail
> >>>>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
> >>>>>>>
> >>>>>>> So for some it has worked, some gets an annoying list probe every now
> >>>>>>> and then, some do not get many posts, but the final nail in the coffin
> >>>>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> >>>>>>> policy and at the same time told us to get our act together and stop
> >>>>>>> sending "unhygienic e-mail".
> >>>>>>>
> >>>>>>> All the best
> >>>>>>> / Raimo
> >>>>>>>
> >>>>>>>
> >>>>>>> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> >>>>>>> <mailto:[hidden email]>> skrev:
> >>>>>>>
> >>>>>>>       Not having the subject contain [erlang-questions] or some other
> >>>>>>>       obvious indicator is quite unfortunate.  I guess many people were
> >>>>>>>       affected by not being DMARC compliant?  It seems to have been
> >>>>>>>       working just fine for quite some time... ie it "works for me" as it was.
> >>>>>>>
> >>>>>>>       That said, thanks for maintaining the list, and keeping it going.
> >>>>>>>       It is a most useful resource.
> >>>>>>>
> >>>>>>>       Chris
> >>>>>>>
> >>>>>>>       *Sent:* Friday, October 25, 2019 at 7:38 AM
> >>>>>>>       *From:* "Raimo Niskanen" <[hidden email]
> >>>>>>>       <mailto:[hidden email]>>
> >>>>>>>       *To:* [hidden email] <mailto:[hidden email]>
> >>>>>>>       *Subject:* Re: Nobody is unsubscribed
> >>>>>>>       To achieve DMARC compliance we have stopped changing the Subject:
> >>>>>>>       field and no longer add the mailing list footer to the messages.
> >>>>>>>
> >>>>>>>       This is because From: Subject: and mail body among other fields are
> >>>>>>>       often DKIM signed, so if we should change them we would not pass DKIM
> >>>>>>>       signature check and thereby not be DMARC compliant.
> >>>>>>>
> >>>>>>>       Sorry for the inconvenience, we do not make the rules...
> >>>>>>>       / Raimo Niskanen
> >>>>>>>
> >>>>>>>       On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
> >>>>>>>       <mailto:[hidden email]>> wrote:
> >>>>>>>       >
> >>>>>>>       > The reason we changed mailing list servers was to get better DMARC and
> >>>>>>>       > DKIM compliance. This is a test post for us to inspect its headers...
> >>>>>>>       > --
> >>>>>>>       > Raimo Niskanen
> >>>>>>>
> >>>>>>
> >>>>
> >>>
> >>
> >> --
> >> Loïc Hoguin
> >> https://ninenines.eu
> >
>
> --
> Loïc Hoguin
> https://ninenines.eu
>
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Loïc Hoguin-3
Yes it's a requirement for the preload list, but it's not required in
the RFC, it's just a SHOULD[1]. So erlang.org can definitely be setup
like I mentioned. Not perfect but could be the most appropriate solution
considering Raimo wants content to be available via plain HTTP.

[1]SHOULD   This word, or the adjective "RECOMMENDED", mean that there
    may exist valid reasons in particular circumstances to ignore a
    particular item, but the full implications must be understood and
    carefully weighed before choosing a different course.

On 04/11/2019 21:00, Mark Reynolds wrote:

> Using HSTS without a http to https redirection is against the RFC (6797):
>
>> If an HSTS Host receives an HTTP request message over a non-secure transport, it SHOULD send an HTTP response message containing a status code indicating a permanent redirect, such as status code 301
>
> Also, it's a requirement for inculsion into the HSTS preload list:
>
>>     In order to be accepted to the HSTS preload list through this form, your site must satisfy the following set of requirements:
> […]
>>     2- Redirect from HTTP to HTTPS on the same host, if you are listening on port 80.
>
> On Mon, Nov 4, 2019, at 17:30, Loïc Hoguin wrote:
>> On 04/11/2019 13:44, Raimo Niskanen wrote:
>>> On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
>>>> For erlang.org itself there's two problems currently: no automatic
>>>> redirection from http to https;
>>>
>>> That seems to be the industry standard now, but I would like content to be
>>> accessible without having to use https.
>>
>> Redirection is generally not great because you get redirected every time
>> you go through via http. There's HSTS that gets us one step further by
>> telling browsers to remember they have to use HTTPS instead of HTTP, so
>> the initial HTTP call isn't made.
>>
>>> The redirect for http://erlang.org and https://erlang.org goes to
>>> $scheme://www.erlang.org, which redirects to https://www.erlang.org.
>>>
>>> Unfortunately the redirects back from e.g https://www.erlang.org/doc
>>> changes to http://erlang.org/doc because https for erlang.org did not work
>>> until 10 minutes ago.
>>
>> And redirection tends to lead to this issues.
>>
>>> Would it be sufficient to make those redirects from www.erlang.org to
>>> erlang.org not change from https to http?
>>
>> You definitely shouldn't downgrade if possible. I am wondering however
>> if you want to leave *browsers* able to access the site via plain HTTP,
>> or clients in general (including things like curl for example). A policy
>> like HSTS is only used by clients that understand it (so mostly
>> browsers) so maybe this is what you want to setup. Browsers would always
>> go through HTTPS; other clients would be able to use both HTTP and HTTPS.
>>
>> Cheers,
>>
>>> That, and the answer 20 lines down...?
>>>
>>>>
>>>> And this:
>>>>
>>>> Your connection is not private
>>>> This server could not prove that it is erlang.org; its security
>>>> certificate is from www2.erlang.org. This may be caused by a
>>>> misconfiguration or an attacker intercepting your connection.
>>>>
>>>> NET::ERR_CERT_COMMON_NAME_INVALID
>>>> Subject: www2.erlang.org
>>>>
>>>> Issuer: DigiCert SHA2 Secure Server CA
>>>>
>>>> Expires on: Oct 22, 2021
>>>>
>>>> Current date: Nov 4, 2019
>>>
>>> A new certificate is in place, so this should be fixed.
>>>
>>> / Raimo
>>>
>>>
>>>>
>>>> Keep up the good work.
>>>>
>>>> On 04/11/2019 11:34, Raimo Niskanen wrote:
>>>>> On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
>>>>>> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
>>>>>
>>>>> HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
>>>>> The recent web server upgrade enabled it for erlang.org as well;
>>>>> we are working on it...
>>>>>
>>>>> Best regards
>>>>> / Raimo
>>>>>
>>>>>
>>>>>>
>>>>>> Cheers,
>>>>>> Adam
>>>>>>
>>>>>>> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
>>>>>>>
>>>>>>> Yes it does. It applies to all mailing lists.
>>>>>>>
>>>>>>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
>>>>>>>
>>>>>>> Best regards
>>>>>>> / Raimo Niskanen
>>>>>>>
>>>>>>> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
>>>>>>> Does this apply to the EEPS list as well?
>>>>>>>
>>>>>>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
>>>>>>>>
>>>>>>>> Thanks for doing all of this, regardless.
>>>>>>>>
>>>>>>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
>>>>>>>> way that doesn't break some client's "From:" field, subject line, or
>>>>>>>> "Reply:" button in some way, but this seems like the least bad option.
>>>>>>>>
>>>>>>>> I hope my emails make it through to the list now ^_^
>>>>>>>>
>>>>>>>> OT: Be careful of organisations' web contact forms which ask for your
>>>>>>>> email address. Sometimes their web servers generate an email from the
>>>>>>>> form using your email address as the "From:" address, which will break a
>>>>>>>> lot of DKIM/DMARC/SPF stuff.
>>>>>>>> I know of at least one local authority (council) website in the UK which
>>>>>>>> is guilty of this.
>>>>>>>>
>>>>>>>> - Joe
>>>>>>>>
>>>>>>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
>>>>>>>>> It is mainly "the big ones" that have been affected by stricter DMARC
>>>>>>>>> policies.
>>>>>>>>>
>>>>>>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
>>>>>>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
>>>>>>>>> versa). So the list gets a bounce and eventually blocks the Gmail
>>>>>>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
>>>>>>>>>
>>>>>>>>> So for some it has worked, some gets an annoying list probe every now
>>>>>>>>> and then, some do not get many posts, but the final nail in the coffin
>>>>>>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
>>>>>>>>> policy and at the same time told us to get our act together and stop
>>>>>>>>> sending "unhygienic e-mail".
>>>>>>>>>
>>>>>>>>> All the best
>>>>>>>>> / Raimo
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
>>>>>>>>> <mailto:[hidden email]>> skrev:
>>>>>>>>>
>>>>>>>>>        Not having the subject contain [erlang-questions] or some other
>>>>>>>>>        obvious indicator is quite unfortunate.  I guess many people were
>>>>>>>>>        affected by not being DMARC compliant?  It seems to have been
>>>>>>>>>        working just fine for quite some time... ie it "works for me" as it was.
>>>>>>>>>
>>>>>>>>>        That said, thanks for maintaining the list, and keeping it going.
>>>>>>>>>        It is a most useful resource.
>>>>>>>>>
>>>>>>>>>        Chris
>>>>>>>>>
>>>>>>>>>        *Sent:* Friday, October 25, 2019 at 7:38 AM
>>>>>>>>>        *From:* "Raimo Niskanen" <[hidden email]
>>>>>>>>>        <mailto:[hidden email]>>
>>>>>>>>>        *To:* [hidden email] <mailto:[hidden email]>
>>>>>>>>>        *Subject:* Re: Nobody is unsubscribed
>>>>>>>>>        To achieve DMARC compliance we have stopped changing the Subject:
>>>>>>>>>        field and no longer add the mailing list footer to the messages.
>>>>>>>>>
>>>>>>>>>        This is because From: Subject: and mail body among other fields are
>>>>>>>>>        often DKIM signed, so if we should change them we would not pass DKIM
>>>>>>>>>        signature check and thereby not be DMARC compliant.
>>>>>>>>>
>>>>>>>>>        Sorry for the inconvenience, we do not make the rules...
>>>>>>>>>        / Raimo Niskanen
>>>>>>>>>
>>>>>>>>>        On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
>>>>>>>>>        <mailto:[hidden email]>> wrote:
>>>>>>>>>        >
>>>>>>>>>        > The reason we changed mailing list servers was to get better DMARC and
>>>>>>>>>        > DKIM compliance. This is a test post for us to inspect its headers...
>>>>>>>>>        > --
>>>>>>>>>        > Raimo Niskanen
>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Loïc Hoguin
>>>> https://ninenines.eu
>>>
>>
>> --
>> Loïc Hoguin
>> https://ninenines.eu
>>

--
Loïc Hoguin
https://ninenines.eu
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

Raimo Niskanen-11
In reply to this post by Loïc Hoguin-3
Certificates are now in place, and redirects are "working", so if you go to
http://erlang.org you end up at https://www.erlang.org/.

Remains that many links back from https://www.erlang.org to erlang.org
downgrade to http:.

We have not (yet) implemented HTTP Strict Transport Security (HSTS)
on erlang.org or any of its subdomains.

Will that be frowned upon?

If not I think we ore done for now (apart from hunting down all bad links
mentioned above).

Thank you for your feedback!
/ Raimo Niskanen


On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:

> For erlang.org itself there's two problems currently: no automatic
> redirection from http to https;
>
> And this:
>
> Your connection is not private
> This server could not prove that it is erlang.org; its security
> certificate is from www2.erlang.org. This may be caused by a
> misconfiguration or an attacker intercepting your connection.
>
> NET::ERR_CERT_COMMON_NAME_INVALID
> Subject: www2.erlang.org
>
> Issuer: DigiCert SHA2 Secure Server CA
>
> Expires on: Oct 22, 2021
>
> Current date: Nov 4, 2019
>
> Keep up the good work.
>
> On 04/11/2019 11:34, Raimo Niskanen wrote:
> > On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
> >> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
> >
> > HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
> > The recent web server upgrade enabled it for erlang.org as well;
> > we are working on it...
> >
> > Best regards
> > / Raimo
> >
> >
> >>
> >> Cheers,
> >> Adam
> >>
> >>> On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:
> >>>
> >>> Yes it does. It applies to all mailing lists.
> >>>
> >>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
> >>>
> >>> Best regards
> >>> / Raimo Niskanen
> >>>
> >>> Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
> >>> Does this apply to the EEPS list as well?
> >>>
> >>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:
> >>>>
> >>>> Thanks for doing all of this, regardless.
> >>>>
> >>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> >>>> way that doesn't break some client's "From:" field, subject line, or
> >>>> "Reply:" button in some way, but this seems like the least bad option.
> >>>>
> >>>> I hope my emails make it through to the list now ^_^
> >>>>
> >>>> OT: Be careful of organisations' web contact forms which ask for your
> >>>> email address. Sometimes their web servers generate an email from the
> >>>> form using your email address as the "From:" address, which will break a
> >>>> lot of DKIM/DMARC/SPF stuff.
> >>>> I know of at least one local authority (council) website in the UK which
> >>>> is guilty of this.
> >>>>
> >>>> - Joe
> >>>>
> >>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
> >>>>> It is mainly "the big ones" that have been affected by stricter DMARC
> >>>>> policies.
> >>>>>
> >>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
> >>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> >>>>> versa). So the list gets a bounce and eventually blocks the Gmail
> >>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
> >>>>>
> >>>>> So for some it has worked, some gets an annoying list probe every now
> >>>>> and then, some do not get many posts, but the final nail in the coffin
> >>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> >>>>> policy and at the same time told us to get our act together and stop
> >>>>> sending "unhygienic e-mail".
> >>>>>
> >>>>> All the best
> >>>>> / Raimo
> >>>>>
> >>>>>
> >>>>> Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
> >>>>> <mailto:[hidden email]>> skrev:
> >>>>>
> >>>>>      Not having the subject contain [erlang-questions] or some other
> >>>>>      obvious indicator is quite unfortunate.  I guess many people were
> >>>>>      affected by not being DMARC compliant?  It seems to have been
> >>>>>      working just fine for quite some time... ie it "works for me" as it was.
> >>>>>
> >>>>>      That said, thanks for maintaining the list, and keeping it going.
> >>>>>      It is a most useful resource.
> >>>>>
> >>>>>      Chris
> >>>>>
> >>>>>      *Sent:* Friday, October 25, 2019 at 7:38 AM
> >>>>>      *From:* "Raimo Niskanen" <[hidden email]
> >>>>>      <mailto:[hidden email]>>
> >>>>>      *To:* [hidden email] <mailto:[hidden email]>
> >>>>>      *Subject:* Re: Nobody is unsubscribed
> >>>>>      To achieve DMARC compliance we have stopped changing the Subject:
> >>>>>      field and no longer add the mailing list footer to the messages.
> >>>>>
> >>>>>      This is because From: Subject: and mail body among other fields are
> >>>>>      often DKIM signed, so if we should change them we would not pass DKIM
> >>>>>      signature check and thereby not be DMARC compliant.
> >>>>>
> >>>>>      Sorry for the inconvenience, we do not make the rules...
> >>>>>      / Raimo Niskanen
> >>>>>
> >>>>>      On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
> >>>>>      <mailto:[hidden email]>> wrote:
> >>>>>      >
> >>>>>      > The reason we changed mailing list servers was to get better DMARC and
> >>>>>      > DKIM compliance. This is a test post for us to inspect its headers...
> >>>>>      > --
> >>>>>      > Raimo Niskanen
> >>>>>
> >>>>
> >>
> >
>
> --
> Loïc Hoguin
> https://ninenines.eu

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB
by
Reply | Threaded
Open this post in threaded view
|

Re: Nobody is unsubscribed

by
Hi,



When a new Erlang user try to subscribe to this mailing list, he/she will input some information through http if link http://erlang.org/mailman/listinfo/erlang-questions is the final target.

Yao

在 2019年11月5日,23:46,Raimo Niskanen <[hidden email]> 写道:

Certificates are now in place, and redirects are "working", so if you go to
http://erlang.org you end up at https://www.erlang.org/.

Remains that many links back from https://www.erlang.org to erlang.org
downgrade to http:.

We have not (yet) implemented HTTP Strict Transport Security (HSTS)
on erlang.org or any of its subdomains.

Will that be frowned upon?

If not I think we ore done for now (apart from hunting down all bad links
mentioned above).

Thank you for your feedback!
/ Raimo Niskanen


On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
For erlang.org itself there's two problems currently: no automatic
redirection from http to https;

And this:

Your connection is not private
This server could not prove that it is erlang.org; its security
certificate is from www2.erlang.org. This may be caused by a
misconfiguration or an attacker intercepting your connection.

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: www2.erlang.org

Issuer: DigiCert SHA2 Secure Server CA

Expires on: Oct 22, 2021

Current date: Nov 4, 2019

Keep up the good work.

On 04/11/2019 11:34, Raimo Niskanen wrote:
On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?

HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
The recent web server upgrade enabled it for erlang.org as well;
we are working on it...

Best regards
/ Raimo



Cheers,
Adam

On 2. Nov 2019, at 09:14, Raimo Niskanen <[hidden email]> wrote:

Yes it does. It applies to all mailing lists.

Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.

Best regards
/ Raimo Niskanen

Den lör 2 nov. 2019 02:47Richard O'Keefe <[hidden email]> skrev:
Does this apply to the EEPS list as well?

On Sat, 2 Nov 2019 at 04:25, Joe Harrison <[hidden email]> wrote:

Thanks for doing all of this, regardless.

There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
way that doesn't break some client's "From:" field, subject line, or
"Reply:" button in some way, but this seems like the least bad option.

I hope my emails make it through to the list now ^_^

OT: Be careful of organisations' web contact forms which ask for your
email address. Sometimes their web servers generate an email from the
form using your email address as the "From:" address, which will break a
lot of DKIM/DMARC/SPF stuff.
I know of at least one local authority (council) website in the UK which
is guilty of this.

- Joe

On 26/10/2019 07:57, Raimo Niskanen wrote:
It is mainly "the big ones" that have been affected by stricter DMARC
policies.

When a subscriber sending from e.g Yahoo gets received by Gmail then
Gmail rejects that message since Yahoo's DMARC policy says so (also vice
versa). So the list gets a bounce and eventually blocks the Gmail
subscriber, if enough in a row happens to send with strict DMARC policies.

So for some it has worked, some gets an annoying list probe every now
and then, some do not get many posts, but the final nail in the coffin
was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
policy and at the same time told us to get our act together and stop
sending "unhygienic e-mail".

All the best
/ Raimo


Den fre 25 okt. 2019 16:58Chris Rempel <[hidden email]
<[hidden email]>> skrev:

    Not having the subject contain [erlang-questions] or some other
    obvious indicator is quite unfortunate.  I guess many people were
    affected by not being DMARC compliant?  It seems to have been
    working just fine for quite some time... ie it "works for me" as it was.

    That said, thanks for maintaining the list, and keeping it going.
    It is a most useful resource.

    Chris

    *Sent:* Friday, October 25, 2019 at 7:38 AM
    *From:* "Raimo Niskanen" <[hidden email]
    <[hidden email]>>
    *To:* [hidden email] <[hidden email]>
    *Subject:* Re: Nobody is unsubscribed
    To achieve DMARC compliance we have stopped changing the Subject:
    field and no longer add the mailing list footer to the messages.

    This is because From: Subject: and mail body among other fields are
    often DKIM signed, so if we should change them we would not pass DKIM
    signature check and thereby not be DMARC compliant.

    Sorry for the inconvenience, we do not make the rules...
    / Raimo Niskanen

    On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <[hidden email]
    <[hidden email]>> wrote:

The reason we changed mailing list servers was to get better DMARC and
DKIM compliance. This is a test post for us to inspect its headers...
--
Raimo Niskanen





--
Loïc Hoguin
https://ninenines.eu

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

12