[meta] Messages not reaching the mailing list

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[meta] Messages not reaching the mailing list

Joe Harrison-2
Hey everyone,

tl;dr it appears that the mailing list software is modifying message
headers/bodies, leading to broken message signatures, ultimately causing
mail providers to outright *reject* some messages from the list.

---

Just a note to those that are having problems with their messages
getting onto the mailing list.

The erlang-questions Mailman configuration seems to be breaking DKIM
signatures, which means that messages from the mailing list will be
marked as either spam or outright rejected depending on the DMARC policy
of the original sender's domain.

Assuming this is the case, the mailing list owners need to read:

https://wiki.list.org/DEV/DMARC

and pick an option, while those sending from domains with strict DMARC
policies should temporarily send messages from a different domain.

Cheers,
Joe

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: [meta] Messages not reaching the mailing list

Raimo Niskanen-2
On Sat, Aug 11, 2018 at 03:55:48PM +0100, Joe Harrison wrote:
> Hey everyone,
>
> tl;dr it appears that the mailing list software is modifying message
> headers/bodies, leading to broken message signatures, ultimately causing

This is default mailing list behaviour since the dawn of the Internet.

> mail providers to outright *reject* some messages from the list.

This is a new behaviour caused by the DMARC project completely ignoring
mailing lists when they created their new nifty feature.

>
> ---
>
> Just a note to those that are having problems with their messages
> getting onto the mailing list.
>
> The erlang-questions Mailman configuration seems to be breaking DKIM
> signatures, which means that messages from the mailing list will be
> marked as either spam or outright rejected depending on the DMARC policy
> of the original sender's domain.
>
> Assuming this is the case, the mailing list owners need to read:
>
> https://wiki.list.org/DEV/DMARC
>
> and pick an option, while those sending from domains with strict DMARC

Unfortunately it is not enough to _read_ that document. ;-)

In this case "pick an option" constitutes of upgrading the mail server
machine OS, installing a newer Mailman that has got these options to pick,
configuring a new web server to handle the mailing list archives,
configuring a new mail server for the new Mailan, and re-implementing
the mail list archive address obscurification via .png pictures that
Mailman still has not implemented.  And then "pick an option".

While maintaining the real business...

Hopefully this will happen within a month or so.


> policies should temporarily send messages from a different domain.
>
> Cheers,
> Joe
>

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: [meta] Messages not reaching the mailing list

Joe Harrison-2


On 15/08/18 14:22, Raimo Niskanen wrote:

> On Sat, Aug 11, 2018 at 03:55:48PM +0100, Joe Harrison wrote:
>> Hey everyone,
>>
>> tl;dr it appears that the mailing list software is modifying message
>> headers/bodies, leading to broken message signatures, ultimately causing
>
> This is default mailing list behaviour since the dawn of the Internet.
>
>> mail providers to outright *reject* some messages from the list.
>
> This is a new behaviour caused by the DMARC project completely ignoring
> mailing lists when they created their new nifty feature

Yes, it's an unfortunate breakage, but it's also a modern spam
mitigation technique, and it's slowly gaining steam amongst the bigger
free providers (there were rumours of gmail setting "p=reject" in 2017).

>
>>
>> ---
>>
>> Just a note to those that are having problems with their messages
>> getting onto the mailing list.
>>
>> The erlang-questions Mailman configuration seems to be breaking DKIM
>> signatures, which means that messages from the mailing list will be
>> marked as either spam or outright rejected depending on the DMARC policy
>> of the original sender's domain.
>>
>> Assuming this is the case, the mailing list owners need to read:
>>
>> https://wiki.list.org/DEV/DMARC
>>
>> and pick an option, while those sending from domains with strict DMARC
>
> Unfortunately it is not enough to _read_ that document. ;-)
>
> In this case "pick an option" constitutes of upgrading the mail server
> machine OS, installing a newer Mailman that has got these options to pick,
> configuring a new web server to handle the mailing list archives,
> configuring a new mail server for the new Mailan, and re-implementing
> the mail list archive address obscurification via .png pictures that
> Mailman still has not implemented.  And then "pick an option".
I feel your pain. I sympathise with mailing list managers - I've had the
displeasure of running Mailman once myself.

As an aside, it looks like Mailman 3 has switched from pipermail to
hyperkitty, which might provide the obfuscation/hiding of email
addresses that you're looking for.

>
> While maintaining the real business...
>
> Hopefully this will happen within a month or so.

Thank you for your time. I realise this is not a high priority thing :)

>
>
>> policies should temporarily send messages from a different domain.
>>
>> Cheers,
>> Joe
>>
>
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: [meta] Messages not reaching the mailing list

Raimo Niskanen-2
On Wed, Aug 15, 2018 at 03:17:51PM +0100, Joe Harrison wrote:

>
>
> On 15/08/18 14:22, Raimo Niskanen wrote:
> > On Sat, Aug 11, 2018 at 03:55:48PM +0100, Joe Harrison wrote:
> >> Hey everyone,
> >>
> >> tl;dr it appears that the mailing list software is modifying message
> >> headers/bodies, leading to broken message signatures, ultimately causing
> >
> > This is default mailing list behaviour since the dawn of the Internet.
> >
> >> mail providers to outright *reject* some messages from the list.
> >
> > This is a new behaviour caused by the DMARC project completely ignoring
> > mailing lists when they created their new nifty feature
>
> Yes, it's an unfortunate breakage, but it's also a modern spam
> mitigation technique, and it's slowly gaining steam amongst the bigger
> free providers (there were rumours of gmail setting "p=reject" in 2017).

I know, I am just whining...
It seems Ericsson is also about to enforce DMARC, probably through
p=reject, so I have Ericsson Security breathing down my neck.

>
: :
>
> As an aside, it looks like Mailman 3 has switched from pipermail to
> hyperkitty, which might provide the obfuscation/hiding of email
> addresses that you're looking for.

Thank you - I will have a look at that.  Last time I looked it seemed that
Mailman 3 was not quite ready for prime time.

>
> >
> > While maintaining the real business...
> >
> > Hopefully this will happen within a month or so.
>
> Thank you for your time. I realise this is not a high priority thing :)

More like "hard to prioritize", albeit important... ;-(


>
> >
> >
> >> policies should temporarily send messages from a different domain.
> >>
> >> Cheers,
> >> Joe
> >>
> >

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: [meta] Messages not reaching the mailing list

Technion
In reply to this post by Joe Harrison-2


Hi,

I've tried running corporate systems which reject mail that fails DMARC, I wouldn't recommend it. Google would never ever do it - you reject an astounding amount of legitimate email (including most email from Australian Government organisations like the new MyHealth system) and you very quickly get a C-level person demanding you "fix" the mail system. I was whitelisting ten+ domains a day until I gave in.

In terms of blocking spam, you'll achieve just about nothing. A high portion of spam these days comes from compromised mail accounts, which come "legitimately" from Office 365 or Gmail's own servers and successfully pass any SPF and DKIM rules in place, even where DMARC is setup to enforce as such - which is pretty rare.

Unfortunately this breakage does an awful lot more harm than good at this point, although I'd look forward to a future where this changes.


From: [hidden email] <[hidden email]> on behalf of Joe Harrison <[hidden email]>
Sent: Thursday, 16 August 2018 12:17 AM
To: Raimo Niskanen
Cc: [hidden email]
Subject: Re: [erlang-questions] [meta] Messages not reaching the mailing list
 


On 15/08/18 14:22, Raimo Niskanen wrote:
..

Yes, it's an unfortunate breakage, but it's also a modern spam
mitigation technique, and it's slowly gaining steam amongst the bigger
free providers (there were rumours of gmail setting "p=reject" in 2017).


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions