Fyi: this list, bug-make, just had it's subject [tag] and footer removed

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Fyi: this list, bug-make, just had it's subject [tag] and footer removed

sysadmin
The Free Software Foundation has changed the GNU Mailman settings on
this list. The short version is that any subject prefix or message
footer has been removed, allowing us to turn off DMARC from munging.
Any list administrator for this list is free to change these settings
back, instructions are below.

The change is to better deal with increased adoption of the DMARC email
standard. The default Mailman settings were causing messages sent from
users with strict DMARC policy domains like yahoo.com to be rejected
when sent to list subscribers by Mailman. See the end of this email for
a technical overview of DMARC and DKIM. There are two main ways to fix
the issue by changing Mailman list settings.

The first option, and the preferable way for discussion lists, is what
we call the "unmodified message fix." There are Mailman list settings
which modify the messages by adding a subject prefix (e.g. [list-name])
or a footer. Modifying the message breaks DKIM message signatures and
thus DMARC, so we just turn those off. Many lists are already this way
and there is no change for them. Instead of using the subject prefix to
identify a list, subscribers should use the List-Id, To, and Cc headers.
List footer information can also be be put in the welcome email to
subscribers and the list information page by list administrators.

We changed the default for new lists to send unmodified messages, and
are now updating existing discussion lists to the new default. We
emailed all list administrators and moderators and Savannah group admins
to allow them to opt in to the alternate fix before we made this
change. However, not all lists had a valid administrator contact.

The second option is for lists which want or need to continue to modify
the message, for example with subject prefix or footer settings. In this
case we turn on a Mailman list setting called dmarc_moderation_action:
"Munge From". With this, if a strict DMARC sender sends to the list, we
alter the headers of that message like so:

A message sent to the list:

From: Anne Example Person <exampleperson@examplepersonsdomain>

Is modified by Mailman and sent to subscribers as:

From: Anne Example Person via Alist <alist@listdomain>
Reply-To: Anne Example Person <exampleperson@examplepersonsdomain>

Without going into all of the details, here's a few points about why we
concluded the unmodified message fix is better for discussion
lists. Email clients don't all treat munged messages the same way as
unmunged, and humans read these headers so it can confuse people,
causing messages not to be sent to the expected recipients. GNU Mailman
has an option to do "Munge From" always, but does not recommend using
it[1]. While we're not bound by what others do, it's worth noting that
other very large free software communities like Debian GNU/Linux have
adopted the unmodified message fix[2]. The unmodified messages fix
avoids breaking DKIM cryptographic signatures, which show the message
was authorized by the signing domain and seems like a generally good
security practice. Tools to manage patches, for example patchew, use the
from field and are tripped up by from munging.

For any Mailman list administrator who wants to change or look over the
relevant settings: The dmarc_moderation_action setting is under "Privacy
Options" subsection "Sender Filters". The only options that should be
selected are "Accept" or "Munge From", along with corresponding changes
to the subject_prefix option under "General Options", and msg_footer is
under "Non-digest options".

If no list administrators or moderators are around for this list, anyone
should feel free to try to track them down or figure out who should
become one and explain in detail by replying to [hidden email]. Please
be patient, this process may take several weeks.

Please send any questions that should be public to [hidden email]. For
private ones, just reply to [hidden email].

For the general announcement of these changes, please read
https://lists.gnu.org/archive/html/savannah-hackers-public/2019-06/msg00018.html
and
https://lists.gnu.org/archive/html/savannah-hackers-public/2019-09/msg00016.html


A short DMARC technical overview:

DMARC policy is a DNS txt record at a _dmarc subdomain. For example:

$ host -t txt _dmarc.yahoo.com
_dmarc.yahoo.com descriptive text "v=DMARC1; p=reject; pct=100;
rua=mailto:address@hidden;";

The only important thing there for our purpose is p=reject. p=reject
means that conforming mail servers that receive mail with a from header
of *@yahoo.com will reject that email unless it was either 1. sent from
Yahoo's email servers, or 2. its DKIM signature is verified. A DKIM
signature[5] is a public key cryptographic signature of the email body
and some headers included in the message header "DKIM-Signature". A
verified DKIM signature means that email body and signed headers have
not been modified.

Comprehensive resources about DMARC tend to downplay or ignore its
problems, but some that have helped me are Wikipedia[6], the Mailman
wiki[1], dmarc.org wiki[7], and the DMARC rfc[8].



[1]: https://wiki.list.org/DEV/DMARC
[2]: https://lists.debian.org/debian-devel-announce/2015/08/msg00003.html
[5]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[6]: https://en.wikipedia.org/wiki/DMARC
[7]: https://dmarc.org/wiki/FAQ#senders
[8]: https://tools.ietf.org/html/rfc7489

Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org