From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Danilo Bargen <mail@dbrgn.ch>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] DMARC on this mailing list
Date: Mon, 17 Jan 2022 12:03:03 +0200 [thread overview]
Message-ID: <87mtjufzh1.fsf@tarshish> (raw)
In-Reply-To: <20220117105017.28d6aacc@c3po>
Hi Danilo,
On Mon, Jan 17 2022, Danilo Bargen wrote:
> I recently enabled report-only DMARC on my e-mail domain. After sending
> a few e-mails to this ML yesterday, this resulted in multiple DMARC
> would-be rejection e-mails.
>
> DMARC relies on SPF (correct sender IP) *or* DKIM (correct signature). A
> nice tool to visualize this is https://www.learndmarc.com/. If either
> SPF or DKIM passes, the e-mail should be accepted.
>
> In the case of mailing lists, the way I understand it, there are two
> options:
>
> - Rewrite the "From:" header so that the e-mail appears to be coming
> from the ML itself. Put the original sender e-mail in the "Reply-To"
> header instead. If this is not being done, the sender IP (the mailing
> list) does not match the sender e-mail domain and SPF fails. Note
> that this *might* impact the buildroot ML reputation for some big
> mailservers.
> - Expect that mail servers with DMARC enabled also have DKIM enabled,
> and ensure that the e-mail body is not modified (i.e. turn off the
> automatically inserted footer). Put mailing list unsubscribe links
> in the headers instead. This way, even though the sender IP does not
> match, the signature should still be intact.
>
> These approaches are described in the following blog post I found
> online: https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html
>
> I don't know if mailman allows turning off body modifications (i.e.
> RFC2369 and RFC2919), but it definitely allows "From"-munging:
> https://wiki.list.org/DEV/DMARC
>
> I'm still quite new to this mailing list and don't want to put out any
> demands, but I wanted to bring up this issue, since it will probably be
> more and more of an issue in the future (DMARC adoption is increasing).
I can't comment for the owners of the Buildroot list. But you might find
this recent discussion from the linux-arm-kernel list interesting:
https://lore.kernel.org/linux-arm-kernel/202110211313.B5C5C61@keescook/
In this thread David Woodhouse describes the lists.infradead.org setup
rationale.
baruch
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-01-17 10:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-17 9:50 [Buildroot] DMARC on this mailing list Danilo Bargen
2022-01-17 10:03 ` Baruch Siach via buildroot [this message]
2022-01-17 10:24 ` Yann E. MORIN
2022-01-17 12:57 ` Danilo Bargen
2022-01-17 13:03 ` Danilo Bargen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mtjufzh1.fsf@tarshish \
--to=buildroot@buildroot.org \
--cc=baruch@tkos.co.il \
--cc=mail@dbrgn.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.