Subject: The mailing list for listmasters using Sympa
List archive
- From: Miles Fidelman <address@concealed>
- To: "address@concealed" <address@concealed>
- Subject: Re: [sympa-users] DMARC update?
- Date: Fri, 11 Apr 2014 00:29:18 -0400
There's been a lot of traffic about this on the mailops, dmarc, and nanog lists, as well as the mailman list.
Rewriting the from header does seem to be the easiest response - which is what mailman seems to be implementing, as well as this response:
http://onlinegroups.net/blog/2014/04/10/yahoo-dmarc-better-mailing-list-manager/
It's also claimed (by dmarc.org and google) that adding an Original-Authentication-Results header, then adding one's own DKIM header works:
http://www.dmarc.org/faq.html#s_3
but I haven't seen that one actually performed by anyone yet.
Given that the newer versions of Sympa do have both incoming and outgoing DKIM capability - that would seem at least worth trying. But.. of course, that has to be done as part of Sympa internals.
One thing I've been thinking about is weather one could validate DKIM and apply an Original-Authentication-Results header via one's incoming MTA, and then use Sympa's outgoing DKI to re-sign the message.
Miles
Steve Shipway wrote:
I'm not sure what possible workarounds there really are.
You cannot just strip the DKIM signature (as Yahoo.com's DMARC record states
the DKIM must be present and correct).
Leaving the Subject, From and Reply-To unmodified does not work, since Yahoo
make their DKIM signature also apply to the Receive headers. Passing
through your system will always add some of these rendering the signature
invalid.
Stripping the signature AND anonymising the From header works (at least,
where I've tried it here), but this of course removes the identity of the
sender. This functionality is already present in Sympa (add the
remove-headers and anonymous options to your list) but is not really
desirable.
I cannot see any way to allow the From header to remain unchanged as an
@yahoo.com address, but for the message to still pass DMARC.
One possibility might be to add a new anonymising mode, where the From
address is replaced, but the original is preserved as the Full Name. EG:
From: Steve Shipway <address@concealed>
...can be rewritten as...
From: "Steve Shipway <address@concealed>" <address@concealed>
This might be a vaguely acceptable solution. It would require a little work
in Sympa though to add the new option to the system, possibly as a suboption
to anonymous_sender, so only modifying List.pm. I'll take a look and see if
I can make a suggested patch.
Steve
Steve Shipway
address@concealed
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
-
[sympa-users] DMARC update?,
Miles Fidelman, 04/11/2014
-
RE: [sympa-users] DMARC update?,
Steve Shipway, 04/11/2014
- Re: [sympa-users] DMARC update?, Miles Fidelman, 04/11/2014
-
Re: [sympa-users] DMARC update?,
Erik Olson, 04/11/2014
- Re: [sympa-users] DMARC update?, Miles Fidelman, 04/11/2014
- RE: [sympa-users] DMARC update?, Steve Shipway, 04/11/2014
- Re: [sympa-users] DMARC update?, Matt Taggart, 04/11/2014
- RE: [sympa-users] DMARC update?, Steve Shipway, 04/11/2014
-
RE: [sympa-users] DMARC update?,
Steve Shipway, 04/11/2014
Archive powered by MHonArc 2.6.19+.