Re: DMARC (Was: Re: [alsa-devel@xxxxxxxxxxxxxxxx: [PATCH 3/5] ASoC: mediatek: mt8195-afe-pcm: Simplify runtime PM during probe])

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 10, 2023 at 09:50:24AM +0200, Jaroslav Kysela wrote:
> > It is perfectly possible to operate a mailing list server and be
> > DMARC-compliant (at least for DKIM-signed messages) without requiring any of
> > the horrible things mailman-3 is doing:
> > 
> > https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html
> 
> I wish that it was as easy.

It is. We've been operating DMARC-compliant mailing lists for many years now
without needing to mangle any messages.

> I don't see any references to RFCs in this text,
> so we cannot verify the contents. As our mailing list does not modify the
> headers and body, the DKIM is correct for our messages, but it does not work
> practically (the mitigation was turned on recently, so I know how many
> bounces were present).

Can you please show me the message that was no longer DMARC-compliant after
passing through your mailing list server? I will point out what made them
non-DMARC-compliant, and it won't be some builtin incompatibility between
DMARC and mailing lists.

> Also, RFC7960 does not describe this:
> 
> https://datatracker.ietf.org/doc/html/rfc7960#section-4.1.3
> 
> especially:
> 
> https://datatracker.ietf.org/doc/html/rfc7960#section-3.2.3

These talk specifically about messages that were modified by the mailing list
software.

> and see note in:
> 
> https://datatracker.ietf.org/doc/html/rfc7960#section-3.2.3.1
> 
> So "keep everything unmodified" for DKIM is just only one part of the
> problem. Perhaps, there's a RFC update somewhere which adds another note.

I can demonstrate to you millions of email messages that passed through the
mailing list that are still perfectly DMARC compliant -- you seem convinced
that it's not possible. For example, here's the authentication header set by
GMail for a message that I recently received via the tools mailing list:

	Authentication-Results: mx.google.com;
		   dkim=pass header.i=@gmail.com header.s=20221208 header.b=YVg2o3VH;
		   spf=pass (google.com: domain of [omitted]@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=[omitted]@gmail.com;
		   dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com

So, I'm just going to repeat this: operating a mailing list and remaining
DMARC compliant is perfectly possible, provided:

- the original message is DKIM-signed
- all existing headers are unmodified
- the message body is unmodified

-K



[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux