I'm struggling to find a palatable solution to the configuration of a list, and the new Yahoo-style DMARC problem.
The list has mung on, as well as Reply-To: set to the list. The end result is nowhere does the original sender's address appear in the messages, when having them readily visible is the desired behavior.
I was wondering about asking someone to make a Mailman handler that would re-write the From: address after munging to:
Jane Doe (jane@example.com) via listname <list@example.net>
My question now is, is there any reason why re-writing it this way would be a bad idea?
- Ron
I was wondering about asking someone to make a Mailman handler that would re-write the From: address after munging to:
From: Jane Doe (jane@example.com) via listname <list@example.net>
My question now is, is there any reason why re-writing it this way would be a bad idea?
Well, of course, it's a bad idea for all the reasons we know that address munging in general is a bad idea.
By my reading of RFC 5322, this is syntactically valid, but it's fairly unusual to put a parenthesized comment into the display name preceding the angle-addr. Also, if Jane's name happens to have a dot or other punctuation in it, that's not valid, e.g. this is wrong:
From: Jane Q. Doe (jane@example.com) via listname <list@example.net>
You can quote the whole thing to make it OK:
From: "Jane Q. Doe jane@example.com via listname" <list@example.net>
R's, John
On 06/21/2014 04:04 PM, Ron Guerin wrote:
I'm struggling to find a palatable solution to the configuration of a list, and the new Yahoo-style DMARC problem.
The list has mung on, as well as Reply-To: set to the list. The end result is nowhere does the original sender's address appear in the messages, when having them readily visible is the desired behavior.
In Mailman 2.1.18-1, the poster's address will also be in Reply-To: with Reply-To: set to the list. In Mailman 2.1.16 and 2.1.17, this wasn't the case (I think only if first_strip_reply_to was Yes).
I was wondering about asking someone to make a Mailman handler that would re-write the From: address after munging to:
Jane Doe (jane@example.com) via listname <list@example.net>
My question now is, is there any reason why re-writing it this way would be a bad idea?
Yes. According to http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html:
The inclusion of more than one domain in the RFC5322.From field is dangerous. Recent studies by two major senders show that ~95% of all cases in which there is one domain in the RFC5322.From "display name" and different domain in the RFC5322.From "address-spec" are fraudulent. This practice should be discouraged as there are efforts underway to increase "spam scores" within inbound filtering when this is detected.
But, on the other hand, that's exactly what Yahoo Groups is doing, so take your pick.
If having the poster's address in Reply-To: would be satisfactory, try setting first_strip_reply_to to No.
Changing CookHeaders to munge the from as you suggest is a very simple patch. I have attached a 2.1.16/17 version. Note that even with this patch, the bug at https://bugs.launchpad.net/mailman/+bug/1304511 is not completely fixed. Also note John's objection won't apply as this will be formatted as
"Jane Doe jane@example.com via listname" <list@example.net>
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
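Added example, not code from the thread or from Mailman's CookHeaders handler: it builds the quoted From: form Mark describes (showing why John's "Jane Q. Doe" case needs no special handling, since formataddr() quotes a display name containing RFC 5322 specials) and, from the receiving side, flags a From: header that names a second domain in its display name or comment, the pattern the dmarc.org guidance above calls out. The list name and addresses are constructed.

```python
import re
from email.utils import formataddr, parseaddr

# Assumed list identity (constructed for this example).
LIST_NAME = "listname"
LIST_ADDR = "list@example.net"

# Address-like tokens anywhere in a raw header; group 1 is the domain.
_ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def munge_from(orig_from, list_name=LIST_NAME, list_addr=LIST_ADDR):
    """Rewrite From: as  "Jane Doe jane@example.com via listname" <list@example.net>.

    formataddr() wraps the display name in a quoted-string whenever it
    contains RFC 5322 specials ('.', '@', '(' ...), so "Jane Q. Doe" is
    produced as a valid header without any special casing.
    """
    name, addr = parseaddr(orig_from)
    display = " ".join(part for part in (name, addr) if part) + " via " + list_name
    return formataddr((display, list_addr))


def foreign_domains(from_header):
    """Return (domain of the address-spec, sorted list of other domains that
    appear anywhere else in the header: display name or comment).

    A non-empty second element is the "more than one domain in RFC5322.From"
    pattern an inbound filter might treat as a spam-score signal.  The scan
    runs over the raw header so a parenthesized comment is covered too.
    """
    _, addr = parseaddr(from_header)
    addr_domain = addr.rpartition("@")[2].lower()
    others = {m.group(1).lower() for m in _ADDR_RE.finditer(from_header)}
    others.discard(addr_domain)
    return addr_domain, sorted(others)


if __name__ == "__main__":
    for original in ("Jane Q. Doe <jane@example.com>", "jane@example.com"):
        munged = munge_from(original)
        print(munged, "->", foreign_domains(munged))
```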
On 6/21/2014 8:24 PM, Mark Sapiro wrote:
On 06/21/2014 04:04 PM, Ron Guerin wrote:
I'm struggling to find a palatable solution to the configuration of a list, and the new Yahoo-style DMARC problem.
The list has mung on, as well as Reply-To: set to the list. The end result is nowhere does the original sender's address appear in the messages, when having them readily visible is the desired behavior.
In Mailman 2.1.18-1, the posters address will also be in Reply-To: with Reply-To: set to the list. In Mailman 2.1.16 and 2.1.17, this wasn't the case (I think only if first_strip_reply_to was Yes).
I was wondering about asking someone to make a Mailman handler that would re-write the From: address after munging to:
Jane Doe (jane@example.com) via listname <list@example.net>
My question now is, is there any reason why re-writing it this way would be a bad idea?
Yes. According to http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html:
The inclusion of more than one domain in the RFC5322.From field is dangerous. Recent studies by two major senders show that ~95% of all cases in which there is one domain in the RFC5322.From "display name" and different domain in the RFC5322.From "address-spec" are fraudulent. This practice should be discouraged as there are efforts underway to increase "spam scores" within inbound filtering when this is detected.
I've been absorbing a lot of input about this and while the part of me that just wants to get things done still likes the idea of putting the address into the comment field, I'm finding the argument persuasive that as soon as people /expect/ to find a valid address in the comment field, the cold clammy hands of DMARC will choke that off too. I don't find the argument /valid/ mind you, as the comment field is the comment field, and no MUA (save ones with a very specific bug) are ever going to treat it as anything but a comment, but I completely believe that anything that reduces the pain of DMARC will eventually run afoul of DMARC.
Now you tell me that it's actually a useful indicator of spamminess. That feels like the last nail in the coffin.
But, on the other hand, that's exactly what Yahoo Groups is doing, so take your pick.
If having the poster's address in Reply-To: would be satisfactory, try setting first_strip_reply_to to No.
That may be the least objectionable solution that's still "DMARC-friendly", but then I'm probably annoying subscribers who aren't using DMARC to reject mail their users asked for.
Changing CookHeaders to munge the from as you suggest is a very simple patch. I have attached a 2.1.16/17 version. Note that even with this patch, the bug at https://bugs.launchpad.net/mailman/+bug/1304511 is not completely fixed. Also note John's objection won't apply as this will be formatted as
"Jane Doe jane@example.com via listname" <list@example.net>
I had it in my mind before he mentioned it that I'd have to look into what triggers quoting of the comment field, but his input reassures me that it's not likely to cause other problems from a technical standpoint. From a social standpoint though, it seems to be an idea living on borrowed time.
I would really like to do, as someone said earlier, just say "Friends don't let Friends use Yahoo or AOL Mail." But count me in with those expecting Gmail to be next. That's nearly half the subscribers of the list I've been asking in regard to.
And thanks for sending code again, you're the best!
- Ron
Ron Guerin writes:
I would really like to do, as someone said earlier, just say "Friends don't let Friends use Yahoo or AOL Mail." But count me in with those expecting Gmail to be next. That's nearly half the subscribers of the list I've been asking in regard to.
I think GMail would have to consider using "p=reject" if they suffered a security breach like those at AOL and Yahoo!. However, so far they've kept their own counsel about respecting others' "p=reject", and the way the attackers went directly from Yahoo! to AOL, and then stopped, suggests they found GMail and Hotmail more difficult to crack. This may not just be an accident. The business models differ more or less, and GMail and Hotmail may be able to maintain a stronger security profile vs. "management" business initiatives.
A second consideration is that the DMARC discussion group at IETF is working on ways to allow mailing lists to sign the posts they distribute, instead of depending only on the Author Domain's signature for authentication in case of an Author Domain's "p=reject". This is a very difficult problem involving certain risks (in particular, it's clearly ineffective against what are called "spear-phishing attacks"), but in GMail's user profile those risks might be acceptable to GMail.
This does require that your MTA sign the posts you distribute after any list modifications, but IMO it's quite possible that GMail will allow lists to control their own destiny in that way, at least until proven ineffective. Of course that assumes that a draft gets widespread support and GMail decides to implement it.
Ron Guerin writes:
Jane Doe (jane@example.com) via listname <list@example.net>
My question now is, is there any reason why re-writing it this way would be a bad idea?
First, the DMARC proponents themselves say "don't do that!" (Mostly for the reasons given below.)
Second, it disrespects the wishes of Yahoo! The reason that Yahoo! is publishing "p=reject" is because it doesn't want the mailbox to appear in From: in mail handled by third parties (mostly meaning "spammers" but also including *you*), because users take that as a sign that the mail is really from someone they know, making them vulnerable to phishing and "<friend> recommends" spam. Of course, Yahoo! Groups now is doing exactly what you propose. This sort of works for now because the spammers aren't emulating it yet, and MUAs don't put Jane's picture next to the address.
Third, I bet that "Your Friend <email> via 3rd Party <l-email>" phishing and spam will appear in short order, people will be defrauded, and DMARC will be updated to reject on any appearance of a protected mailbox in From:. Then you'll be back in the same boat. I wouldn't be surprised if various MUAs (including Yahoo! itself) don't start handling Yahoo! Groups (and perhaps your list as well) specially by parsing the address out of the display name and prettifying addresses in the user's contact list, exacerbating the "Yahoo! is friendly to fraud" effect.
Fourth, Heaven only knows what Outlook (and other MUAs) will do with that format of display name, but I bet it ain't pretty.
My take on this is "friends don't let friends use Yahoo!", YMMV.
On 22/06/2014 00:04, Ron Guerin wrote:
I'm struggling to find a palatable solution to the configuration of a list, and the new Yahoo-style DMARC problem.
The list has mung on, as well as Reply-To: set to the list. The end result is nowhere does the original sender's address appear in the messages, when having them readily visible is the desired behavior.
I was wondering about asking someone to make a Mailman handler that would re-write the From: address after munging to:
Jane Doe (jane@example.com) via listname <list@example.net>
My question now is, is there any reason why re-writing it this way would be a bad idea?
Notwithstanding the three comments above mine, all of which point out that this is a bad thing, there is a certain irony that what you suggest here is very similar to what Yahoo Groups does for its mail lists.
Here are the relevant lines from two recent Yahoo Groups mail list posts, one with a name in the email's From field, one without (both edited to be generic):
X-Original-From: original-author@authordomain.com
From: "original-author@authordomain.com [a-yahoo-group-list]" <a-yahoo-group-list@yahoogroups.com>
Reply-To: a-yahoo-group-list@yahoogroups.com

X-Original-From: a real name <a-name@a-domain.co.uk>
From: "a real name a-name@a-domain.co.uk [a-yahoo-group-list]" <a-yahoo-group-list@yahoogroups.com>
Reply-To: a-yahoo-group-list@yahoogroups.com
As you can see, they don't put the original author's email address in brackets but they do put the list name in square brackets, and enclose the comment section in quotes.
They have also added the X-Original-From header.
Yahoo Groups always seems to (and always did) set the Reply-To back to the list address.
I have to say that this approach reads well to the human eye in my opinion, even though it still results in two email addresses ending up in the new From field.
But if Yahoo does it that makes it ok, doesn't it? ;-)
-- Mark Rousell
PGP public key: http://www.signal100.com/markr/pgp Key ID: C9C5C162
Yahoo Groups also add something like this in a footer: "Posted by: a real name a-name@a-domain.co.uk" and a series of mailto links below that for replying to the original sender or to the group.
I find the former useful for telling who sent the message, because my iPad only displays the list address in From. The latter would be useful for those who find replying directly to the original sender difficult, but they don't include any quoted text, which is annoying at times.
Peter Shute
On 22 Jun 2014, at 11:50 am, "Mark Rousell" markr@signal100.com wrote:
On Sunday, 22.06.2014, 13:33 +1000, Peter Shute wrote:
Yahoo Groups also add something like this in a footer: "Posted by: a real name a-name@a-domain.co.uk" and a series of mailto links below that for replying to the original sender or to the group.
Well, won't this break DKIM?
Regards Bjoern
-- xmpp bjo@schafweide.org bjo.nord-west.org | nord-west.org
On 6/22/14, 8:12 AM, Bjoern Franke wrote:
On Sunday, 22.06.2014, 13:33 +1000, Peter Shute wrote:
Yahoo Groups also add something like this in a footer: "Posted by: a real name a-name@a-domain.co.uk" and a series of mailto links below that for replying to the original sender or to the group.
Well, won't this break DKIM?
Regards Bjoern
If they didn't break DKIM already, they wouldn't need to do this, as they could leave From: unchanged and pass DMARC!
-- Richard Damon
Bjoern Franke writes:
On Sunday, 22.06.2014, 13:33 +1000, Peter Shute wrote:
Yahoo Groups also add something like this in a footer: "Posted by: a real name a-name@a-domain.co.uk" and a series of mailto links below that for replying to the original sender or to the group.
Well, won't this break DKIM?
No.
DKIM provides *no* policy, except that verifiers should draw the same conclusions from an invalid signature that they would from the absence of that signature. So this question really means "Will there be a valid DKIM signature?" And the answer is "Yes -- the signature by Yahoo! Groups' own MTA will be valid".[1] Other signatures may be invalid, but according to DKIM they should be ignored.
Perhaps you meant "won't this break DMARC?" and again the answer is (perhaps more surprisingly), "no"! The reason is that the mailbox in From: is @yahoo (or @yahoo-groups or something like that), and that MTA will DKIM sign after corrupting From: and adding that footer. This signature will be valid, and the domain in the mailbox in From: and the signing domain will be the same, and thus will be accepted by a recipient participating in DMARC.
The only problem is that anything Yahoo! Groups can do, the spammers and phishers can do too. (And of course that it violates RFC 5322.)
Footnotes:
[1] There are caveats to this, of course -- we *are* talking about *Internet mail*, where *anything* can happen and eventually does.
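Added example, not from the thread or from any real verifier: a toy DMARC evaluation that works through Stephen's two questions ("is there a valid DKIM signature?" and "does its domain align with the From: domain?") for the list-relayed cases this sub-thread discusses. The suffix table, list host and message scenarios are constructed assumptions; a real receiver uses the Public Suffix List for the organizational domain.

```python
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption: a real DMARC
# verifier uses the full PSL to find the organizational domain).
_TWO_LABEL_SUFFIXES = {"co.uk", "org.uk"}
LIST_DOMAIN = "list.example.net"  # constructed Mailman host

def org_domain(domain):
    """Organizational domain: last two labels, or three under a 2-label suffix."""
    labels = domain.lower().split(".")
    n = 3 if ".".join(labels[-2:]) in _TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def aligned(from_domain, auth_domain, relaxed=True):
    """DMARC identifier alignment: relaxed compares organizational domains,
    strict requires an exact match."""
    if relaxed:
        return org_domain(from_domain) == org_domain(auth_domain)
    return from_domain.lower() == auth_domain.lower()

def dmarc_verdict(from_header, dkim_sigs, spf, policy):
    """dkim_sigs: (d= domain, verified?) pairs; an invalid signature counts
    exactly as if it were absent, the only policy DKIM itself imposes.
    spf: (MAIL FROM domain, passed?).  policy: the From domain's p= value,
    or None when it publishes no DMARC record."""
    _, addr = parseaddr(from_header)
    from_domain = addr.rpartition("@")[2]
    if policy is None:
        return "no-policy"
    if any(ok and aligned(from_domain, d) for d, ok in dkim_sigs):
        return "pass"
    spf_domain, spf_ok = spf
    if spf_ok and aligned(from_domain, spf_domain):
        return "pass"
    return policy  # receiver applies none / quarantine / reject

def yahoo_groups_style():
    # From: rewritten to the group's own domain, a footer breaks the author's
    # signature, then Yahoo! Groups signs the result: valid and aligned.
    frm = '"a real name a-name@a-domain.co.uk [a-yahoo-group-list]" <a-yahoo-group-list@yahoogroups.com>'
    return dmarc_verdict(frm, [("a-domain.co.uk", False), ("yahoogroups.com", True)],
                         ("yahoogroups.com", True), "none")

def footer_added_from_unchanged():
    # From: left alone, footer added, list signs: no aligned identifier survives.
    return dmarc_verdict("Jane Doe <jane@yahoo.com>", [("yahoo.com", False), (LIST_DOMAIN, True)],
                         (LIST_DOMAIN, True), "reject")

def untouched_relay():
    # Relayed byte-for-byte: the author's own signature still verifies.
    return dmarc_verdict("Jane Doe <jane@yahoo.com>", [("yahoo.com", True), (LIST_DOMAIN, True)],
                         (LIST_DOMAIN, True), "reject")
```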
Yahoo Groups also add something like this in a footer: "Posted by: a real name a-name@a-domain.co.uk" and a series of mailto links below that for replying to the original sender or to the group.
Well, won't this break DKIM?
Yes, but if it also takes the real author address out of the From: line, it'll avoid DMARC problems.
Lists should put their own DKIM signature on outgoing mail, so recipient systems can recognize it as being from the list. That's how it's supposed to work.
R's, John