[conspire] Ancient flamewar public service announcement
Rick Moen
rick at linuxmafia.com
Fri Jun 22 09:35:21 PDT 2018
Quoting Nick Moffitt (nick at zork.net):
> Alas, the days of this continuing to work are numbered. Already a large
> number of sites use DKIM and similar techniques to ensure that only
> authenticated servers send mail from their domains. Thus when your
> mailing list "reflects" a mail from foo at example.com, the subscriber at
> bar at example.com will never see it because mx.example.com rejects it as a
> forgery.
>
> Mailman has begun to support options that absolutely rewrite the From:
> header entirely. This is not a very fun future for e-mail.
DKIM / DMARC[1] indeed imposes pretty dreadful collateral damage on mailing
lists, which is one of several reasons I consider that entire protocol
design from Yahoo totally botched, and won't implement it on my domain.
(SPF works just fine, thanks.)
That having been said, Mailman's 'Munge From' action to take when anyone
posts to the list from a domain with a DMARC Reject/Quarantine Policy
(Privcay Options, Sender Filters) is a least-bad workaround that
minimises the collateral damage, in my view. To quote the help text:
'This action replaces the poster's address in the From: header with the
list's posting address and adds the poster's address to the addresses in
the original Reply-To: header.' Only DMARC/DKIM-afflicted sending
domains are thus afflicted, when you as a listadmin pick that option.
It sucks, but it Sucks Less.[tm]
[1] DMARC being an even more monstrous superset of DKIM.
More information about the conspire
mailing list