[Mailman-Users] Squirrelmail and wrapped messages

Stephen J. Turnbull stephen at xemacs.org
Tue Oct 28 03:06:58 CET 2014

Ed Ravin writes:

 > How have other Mailman admins dealt with this?

The only ways to deal with deficient MUAs are Plan A = pander and Plan
B = tell their users to suck it up and shut up.  I won't do Plan A and
have the power to do Plan B, so Plan B is what I use.  That doesn't
work for everybody, probably does not for a majority of list owners
(eg, where the users of deficient MUAs are customers).

The situation is not ideal.  Yahoo! and AOL knew that going in, they
thought about it, and chose to do it anyway.  So *we* have to suck it

There is ongoing work at the IETF to see if we can mitigate the
problem better in the future (and Yahoo! at least seems willing to
work with those Yahoo!-side mitigations -- AOL has not yet
demonstrated an understanding of the issues), but for now we list
owners have an unpleasant choice to make.

 > I wonder if it's possible to to make wrapped messages a user preference,
 > or have them only turned on for certain domains as discussed previously.
 > Is this a patch that would be accepted in the future?

As Mark mentioned, applying only to posts From domains that use
"p=reject" is possible in 2.1.18-1.

Acceptance of a patch to make it a user preference might be acceptable
(that's entirely up to Mark), but it would have to be carefully done
to ensure that *some* mitigation (probably From-munging) would be
applied if the list owner specified she wants mitigation.  That's
because failure to apply to mitigation to messages that would be DMARC
rejected affects third parties (to the extent that the bounces can't
be identified as DMARC rejects, they will be scored as bounces from
those subscribers, and innocent[1] subscribers could have their
subscriptions disabled).

[1]  Though not entirely so.  Concealing the fact that the reject was
a DMARC policy reject is not useful since it says very little about
*destination* policy, even if the destination prefers to conceal its
own security policy to present a smaller attack surface.

More information about the Mailman-Users mailing list