ezmlm: Thread: Yahoo's DMARC policy and ezmlm


[<<] [<] Page 1 of 1 [>] [>>]
Subject: Yahoo's DMARC policy and ezmlm
From: Brian Behlendorf ####@####.####
Date: 2 May 2014 04:49:57 -0000
Message-Id: <alpine.DEB.2.10.1405012149300.3079@laz>

Don't know if this email alias is still active.  I'd sent an earlier version of 
this message to ####@####.#### until someone reminded me I was running 
ezmlm-idx, so I thought I'd bring it here.

If this list is alive, and you're reading this, and you still maintain ezmlm 
mailing lists, you might be aware of the DMARC/Yahoo kerfluffle that's causing 
list of mailing list software to make changes to avoid bounces.  Someone 
recently suggested that the following would be enough to make ezmlm lists avoid 
breaking the DKIM signature on domains, avoiding a bounce message:

http://lists.dmarc.org/pipermail/dmarc-discuss/2014-April/002513.html

Is this accurate?  Are there any other transformations that ezmlm might perform 
on a message that would break DKIM?  "mimeremove" seems like a candidate.

Brian

Subject: Re: Yahoo's DMARC policy and ezmlm
From: Charlie Brady ####@####.####
Date: 2 May 2014 12:23:22 -0000
Message-Id: <Pine.LNX.4.64.1405020820440.16463@e-smith.charliebrady.org>

On Thu, 1 May 2014, Brian Behlendorf wrote:

> Don't know if this email alias is still active.

Find the archives. You've missed some discussion of this issue already.

> recently suggested that the following would be enough to make ezmlm lists
> avoid breaking the DKIM signature on domains, avoiding a bounce message:
> 
> http://lists.dmarc.org/pipermail/dmarc-discuss/2014-April/002513.html
> 
> Is this accurate? 

No. I have a list which is probing and unsubscribing various non-yahoo 
subscribers because of the yahoo dmarc change. That list has none of 
prefix, text/trailer and addtrailer.

> Are there any other transformations that ezmlm might
> perform on a message that would break DKIM?  "mimeremove" seems like a
> candidate.

Indeed.
Subject: Re: Yahoo's DMARC policy and ezmlm
From: Brian Behlendorf ####@####.####
Date: 2 May 2014 14:39:18 -0000
Message-Id: <alpine.DEB.2.10.1405020737370.3079@laz>

On Fri, 2 May 2014, Charlie Brady wrote:
> Find the archives. You've missed some discussion of this issue already.

Ah, thanks - looks like this particular approach wasn't covered though.

>> recently suggested that the following would be enough to make ezmlm lists
>> avoid breaking the DKIM signature on domains, avoiding a bounce message:
>>
>> http://lists.dmarc.org/pipermail/dmarc-discuss/2014-April/002513.html
>>
>> Is this accurate?
>
> No. I have a list which is probing and unsubscribing various non-yahoo
> subscribers because of the yahoo dmarc change. That list has none of
> prefix, text/trailer and addtrailer.

Drat.  Are there any other DKIM-breaking transformations on messages that 
ezmlm could be doing?

Brian
Subject: Re: Yahoo's DMARC policy and ezmlm
From: Brian Behlendorf ####@####.####
Date: 2 May 2014 14:53:40 -0000
Message-Id: <alpine.DEB.2.10.1405020749100.3079@laz>

On Fri, 2 May 2014, Brian Behlendorf wrote:
> On Fri, 2 May 2014, Charlie Brady wrote:
>> No. I have a list which is probing and unsubscribing various non-yahoo
>> subscribers because of the yahoo dmarc change. That list has none of
>> prefix, text/trailer and addtrailer.
>
> Drat.  Are there any other DKIM-breaking transformations on messages that 
> ezmlm could be doing?

Also, why would a *probe* fail to users due to DMARC?  The probe message 
doesn't come with a "From: ####@####.#### address, so the probe message 
itself shouldn't bounce.  In fact the symptom of this problem is that 
users at gmail.com and other sites that check DMARC get the probe 
messages, which explain that messages to them are bouncing, confusing 
them; but since the probe message was successfully delivered, they aren't 
unsub'd.

It's worse on Mailman, which after 5 bounces will remove an address, no 
probe sent (yet another example of DJB's forethought on bounce handling!). 
This meant that the 5th message from a @yahoo.com user on some Mailman 
lists that friends of mine run resulted in mass unsubscribes of users at 
gmail.com, hotmail.com, etc.

Brian
Subject: Re: Yahoo's DMARC policy and ezmlm
From: Brian Behlendorf ####@####.####
Date: 3 May 2014 00:32:14 -0000
Message-Id: <alpine.DEB.2.10.1405021728460.3079@laz>

I've had one of my list owners appear to successfully test this appoach 
(preserving DKIM validity by not modifying message) on their list, and it 
appears to have worked, as he sees these headers upon receipt to his 
@gmail.com address:

>        dkim=pass ####@####.####
>        dmarc=pass (p=REJECT dis=NONE) header.from=yahoo.com

Just FYI.  I'll be sharing this with a few other lists as well.

Looks like mailing list software authors should really provide two options 
for their end users:

1) No modification of the messages allowed, no stripping of mime 
attachments, no message prefix, etc

or

2) You can add anything you want, but you must change the From: header to 
that of an email address at the mailing list host in some standardized way 
- SRS, which I think is a bad idea, or "real name via list@host" which is 
less bad.

Brian

Subject: Re: Yahoo's DMARC policy and ezmlm
From: Charlie Brady ####@####.####
Date: 3 May 2014 03:42:42 -0000
Message-Id: <Pine.LNX.4.64.1405022341590.26273@e-smith.charliebrady.org>

On Fri, 2 May 2014, Brian Behlendorf wrote:

> On Fri, 2 May 2014, Charlie Brady wrote:
> 
> > > recently suggested that the following would be enough to make ezmlm lists
> > > avoid breaking the DKIM signature on domains, avoiding a bounce message:
> > >
> > > http://lists.dmarc.org/pipermail/dmarc-discuss/2014-April/002513.html
> > >
> > > Is this accurate?
> >
> > No. I have a list which is probing and unsubscribing various non-yahoo
> > subscribers because of the yahoo dmarc change. That list has none of
> > prefix, text/trailer and addtrailer.
> 
> Drat.  Are there any other DKIM-breaking transformations on messages that
> ezmlm could be doing?

Yes. e.g. as you mention, mimeremove.
Subject: Re: Yahoo's DMARC policy and ezmlm
From: Charlie Brady ####@####.####
Date: 3 May 2014 03:50:46 -0000
Message-Id: <Pine.LNX.4.64.1405022348150.26273@e-smith.charliebrady.org>

On Fri, 2 May 2014, Brian Behlendorf wrote:

> On Fri, 2 May 2014, Brian Behlendorf wrote:
> > On Fri, 2 May 2014, Charlie Brady wrote:
> > > No. I have a list which is probing and unsubscribing various non-yahoo
> > > subscribers because of the yahoo dmarc change. That list has none of
> > > prefix, text/trailer and addtrailer.
> >
> > Drat.  Are there any other DKIM-breaking transformations on messages that
> > ezmlm could be doing?
> 
> Also, why would a *probe* fail to users due to DMARC?  The probe message
> doesn't come with a "From: ####@####.#### address, so the probe message itself
> shouldn't bounce.  In fact the symptom of this problem is that users at
> gmail.com and other sites that check DMARC get the probe messages, which
> explain that messages to them are bouncing, confusing them; but since the
> probe message was successfully delivered, they aren't unsub'd.

No, you are right - on checking there are multiple probes, multiple 
confused receivers of the notification of bouncing messages, but no 
unsubscribed.

> It's worse on Mailman, which after 5 bounces will remove an address, no probe
> sent (yet another example of DJB's forethought on bounce handling!). This

Indeed. It surprises me that DJB still gets such "bad press". An abrasive 
personality, apparently, but very good thinker and coder.

> meant that the 5th message from a @yahoo.com user on some Mailman lists that
> friends of mine run resulted in mass unsubscribes of users at gmail.com,
> hotmail.com, etc.
> 
> Brian
> 
> 
Subject: Re: Yahoo's DMARC policy and ezmlm
From: Brian Behlendorf ####@####.####
Date: 3 May 2014 17:34:59 -0000
Message-Id: <alpine.DEB.2.10.1405031034490.3079@laz>

On Fri, 2 May 2014, Charlie Brady wrote:
> On Fri, 2 May 2014, Brian Behlendorf wrote:
>
>> On Fri, 2 May 2014, Charlie Brady wrote:
>>
>>>> recently suggested that the following would be enough to make ezmlm lists
>>>> avoid breaking the DKIM signature on domains, avoiding a bounce message:
>>>>
>>>> http://lists.dmarc.org/pipermail/dmarc-discuss/2014-April/002513.html
>>>>
>>>> Is this accurate?
>>>
>>> No. I have a list which is probing and unsubscribing various non-yahoo
>>> subscribers because of the yahoo dmarc change. That list has none of
>>> prefix, text/trailer and addtrailer.
>>
>> Drat.  Are there any other DKIM-breaking transformations on messages that
>> ezmlm could be doing?
>
> Yes. e.g. as you mention, mimeremove.

Any others?

Brian

Subject: Re: Yahoo's DMARC policy and ezmlm
From: Charlie Brady ####@####.####
Date: 3 May 2014 20:55:01 -0000
Message-Id: <Pine.LNX.4.64.1405031654160.29726@e-smith.charliebrady.org>

On Sat, 3 May 2014, Brian Behlendorf wrote:

> On Fri, 2 May 2014, Charlie Brady wrote:
> > On Fri, 2 May 2014, Brian Behlendorf wrote:
> >
> > > On Fri, 2 May 2014, Charlie Brady wrote:
> > >
> > > > No. I have a list which is probing and unsubscribing various non-yahoo
> > > > subscribers because of the yahoo dmarc change. That list has none of
> > > > prefix, text/trailer and addtrailer.
> > >
> > > Drat.  Are there any other DKIM-breaking transformations on messages that
> > > ezmlm could be doing?
> >
> > Yes. e.g. as you mention, mimeremove.
> 
> Any others?

I don't know.
[<<] [<] Page 1 of 1 [>] [>>]


Powered by ezmlm-browse 0.21.