The mailing list for listmasters using Sympa

[Miles Fidelman <address@concealed>]

There's been a lot of traffic about this on the mailops, dmarc, and 
nanog lists, as well as the mailman list.

Rewriting the from header does seem to be the easiest response - which 
is what mailman seems to be implementing, as well as this response:
http://onlinegroups.net/blog/2014/04/10/yahoo-dmarc-better-mailing-list-manager/

It's also claimed (by dmarc.org and google) that adding an 
Original-Authentication-Results header, then adding one's own DKIM 
header works:
http://www.dmarc.org/faq.html#s_3
but I haven't seen that one actually performed by anyone yet.

Given that the newer versions of Sympa do have both incoming and 
outgoing DKIM capability - that would seem at least worth trying. But.. 
of course, that has to be done as part of Sympa internals.

One thing I've been thinking about is weather one could validate DKIM 
and apply an Original-Authentication-Results header via one's incoming 
MTA, and then use Sympa's outgoing DKI to re-sign the message.

Miles

Steve Shipway wrote:
> I'm not sure what possible workarounds there really are.
>
> You cannot just strip the DKIM signature (as Yahoo.com's DMARC record states
> the DKIM must be present and correct).
>
> Leaving the Subject, From and Reply-To unmodified does not work, since Yahoo
> make their DKIM signature also apply to the Receive headers.  Passing
> through your system will always add some of these rendering the signature
> invalid.
>
> Stripping the signature AND anonymising the From header works (at least,
> where I've tried it here), but this of course removes the identity of the
> sender.  This functionality is already present in Sympa (add the
> remove-headers and anonymous options to your list) but is not really
> desirable.
>
> I cannot see any way to allow the From header to remain unchanged as an
> @yahoo.com address, but for the message to still pass DMARC.
>
> One possibility might be to add a new anonymising mode, where the From
> address is replaced, but the original is preserved as the Full Name.  EG:
>
> From: Steve Shipway <address@concealed>
>
> ...can be rewritten as...
>
> From: "Steve Shipway <address@concealed>" <address@concealed>
>
> This might be a vaguely acceptable solution.  It would require a little work
> in Sympa though to add the new option to the system, possibly as a suboption
> to anonymous_sender, so only modifying List.pm.  I'll take a look and see if
> I can make a suggested patch.
>
> Steve
>
>
> Steve Shipway
> address@concealed


--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra