Hi Warren,

If you set dmarc_moderation_action to "Munge from", the list will detect when someone posts from a domain that publishes a request for strict signature checking for all mails originating from it (in DNS) and rewrite the envelope-from to the list's address.  Reply-to will be added and set to the original sender.

I think that this is probably a better way to workaround the issue (rather than playing with getting the list to not break the signature) until these things mature further.

Thoughts?

--adam


 

On Fri, Jun 19, 2015 at 6:38 AM, Warren Togami Jr. <wtogami@gmail.com> wrote:
On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike@plan99.net> wrote:
The new list currently has footers removed during testing.  I am not pleased with the need to remove the subject tag and footer to be more compatible with DKIM users.

Lists can do what are effectively MITM attacks on people's messages in any way they like, if they resign for the messages themselves. That seems fair to me!  :)

Mailman isn't resigning it.  Should it be?  Does other mailing list software? 
 
 
 I'm guessing DKIM enforcement is not very common because of issues like this?

DKIM is used by most mail on the internet. DMARC rules that publish in DNS statements like "All mail from bitpay.com is signed correctly so trash any that isn't" are used on some of the worlds most heavily phished domains like google.com, PayPal, eBay, and indeed BitPay. 

These rules are understood and enforced by all major webmail providers including Gmail. It's actually only rusty geek infrastructure that has problems with this, I've never heard of DKIM/DMARC users having issues outside of dealing with mailman. The vast majority of email users who never post to technical mailing lists benefit from it significantly.

Really everyone should use them. Adding cryptographic integrity to email is hardly a crazy idea :)

I understand the reason to protect the "heavily phished" domains.  I heard that LKML does not modify the subject or add a footer, perhaps because it would make it incompatible with DKIM of the several big corporate domains who participate.

I suppose it is somewhat acceptable for us to remove subject tags and footers if we have no choice...

Warren

------------------------------------------------------------------------------

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development