Discussion:
[boost] Mangled "From" field in mailing list posts
Vladimir Prus via Boost
2017-06-10 20:28:14 UTC
Permalink
Hi,

it seems that most of recent posts to the mailing lists have
rather strange "From" field, e.g.

From: Daniel James via Boost <***@lists.boost.org>

I see this problem both via NTTP and regular mail, including emails
that appear to be posted directly with a mail client.

That extra "via Boost" adds no value, and clutters mailbox. Is there
any change to return back to having "From" field have just the
name of the person?

Thanks in advance,
Volodya


_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Olaf van der Spek via Boost
2017-06-11 07:19:37 UTC
Permalink
On Sat, Jun 10, 2017 at 10:28 PM, Vladimir Prus via Boost
Post by Vladimir Prus via Boost
Hi,
it seems that most of recent posts to the mailing lists have
rather strange "From" field, e.g.
I see this problem both via NTTP and regular mail, including emails
that appear to be posted directly with a mail client.
That extra "via Boost" adds no value, and clutters mailbox. Is there
any change to return back to having "From" field have just the
name of the person?
+1
--
Olaf

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Daniel James via Boost
2017-06-11 08:33:39 UTC
Permalink
Post by Vladimir Prus via Boost
Hi,
it seems that most of recent posts to the mailing lists have
rather strange "From" field, e.g.
I see this problem both via NTTP and regular mail, including emails
that appear to be posted directly with a mail client.
That extra "via Boost" adds no value, and clutters mailbox. Is there
any change to return back to having "From" field have just the
name of the person?
Problem is that would link my name with the mailing list address.
Email programs often automatically fill their address books from
emails.

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Stefan Seefeld via Boost
2017-06-11 13:48:16 UTC
Permalink
Post by Daniel James via Boost
Post by Vladimir Prus via Boost
Hi,
it seems that most of recent posts to the mailing lists have
rather strange "From" field, e.g.
I see this problem both via NTTP and regular mail, including emails
that appear to be posted directly with a mail client.
That extra "via Boost" adds no value, and clutters mailbox. Is there
any change to return back to having "From" field have just the
name of the person?
Problem is that would link my name with the mailing list address.
Email programs often automatically fill their address books from
emails.
The "From:" field could contain the full address of the original poster,
not just his name. That's how things were before the change, IIUC.
But, AFAIU, that had to change because some mail servers would refuse to
serve mail whose "From:" address differed from the "sender" field (which
is the list address in our case). Am I describing this correctly ? I
wonder how others handle this situation (in particular, how mailman and
similar tools deal with this themselves), given how frequent a use-case
this is...

Stefan
--
...ich hab' noch einen Koffer in Berlin...


_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Rene Rivera via Boost
2017-06-11 14:00:39 UTC
Permalink
On Sun, Jun 11, 2017 at 8:48 AM, Stefan Seefeld via Boost <
Post by Stefan Seefeld via Boost
Post by Vladimir Prus via Boost
Hi,
it seems that most of recent posts to the mailing lists have
rather strange "From" field, e.g.
I see this problem both via NTTP and regular mail, including emails
that appear to be posted directly with a mail client.
That extra "via Boost" adds no value, and clutters mailbox. Is there
any change to return back to having "From" field have just the
name of the person?
+1
Post by Stefan Seefeld via Boost
The "From:" field could contain the full address of the original poster,
not just his name. That's how things were before the change, IIUC.
But, AFAIU, that had to change because some mail servers would refuse to
serve mail whose "From:" address differed from the "sender" field (which
is the list address in our case). Am I describing this correctly ? I
wonder how others handle this situation (in particular, how mailman and
similar tools deal with this themselves), given how frequent a use-case
this is...
They deal with it by not setting "Sender:" at all.
--
-- Rene Rivera
-- Grafik - Don't Assume Anything
-- Robot Dreams - http://robot-dreams.net
-- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Stefan Seefeld via Boost
2017-06-11 14:07:11 UTC
Permalink
Post by Rene Rivera via Boost
Post by Stefan Seefeld via Boost
The "From:" field could contain the full address of the original poster,
not just his name. That's how things were before the change, IIUC.
But, AFAIU, that had to change because some mail servers would refuse to
serve mail whose "From:" address differed from the "sender" field (which
is the list address in our case). Am I describing this correctly ? I
wonder how others handle this situation (in particular, how mailman and
similar tools deal with this themselves), given how frequent a use-case
this is...
They deal with it by not setting "Sender:" at all.
Then why wouldn't that work for us ?

Stefan
--
...ich hab' noch einen Koffer in Berlin...


_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Olaf van der Spek via Boost
2017-06-12 07:30:58 UTC
Permalink
On Sun, Jun 11, 2017 at 4:00 PM, Rene Rivera via Boost
Post by Rene Rivera via Boost
They deal with it by not setting "Sender:" at all.
Doesn't that run into problems with SPF?
--
Olaf

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Michael Caisse via Boost
2017-06-12 20:32:31 UTC
Permalink
Post by Stefan Seefeld via Boost
The "From:" field could contain the full address of the original poster,
not just his name. That's how things were before the change, IIUC.
But, AFAIU, that had to change because some mail servers would refuse to
serve mail whose "From:" address differed from the "sender" field (which
is the list address in our case). Am I describing this correctly ? I
wonder how others handle this situation (in particular, how mailman and
similar tools deal with this themselves), given how frequent a use-case
this is...
Stefan
With the old system, many people were having issues with DMARC filtering
emails as-if they were spoof'd. In the recent couple years many
corporate accounts have moved to utilize DMARC as part of their inbound
authentication and the popularity continues to increase.

Unfortunately, Mail Lists normally break because the original sender's
domain DKIM signature doesn't match the Mail List. The most popular work
around is rewriting the From header field. We are doing that in the most
basic manner.

We can consider some other possible changes; however, it is impolite to
modify the From field with an address that would indicate an individual
but represents the entire list.
--
Michael Caisse
Ciere Consulting
ciere.com

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Vladimir Prus via Boost
2017-06-13 08:22:53 UTC
Permalink
Post by Michael Caisse via Boost
Post by Stefan Seefeld via Boost
The "From:" field could contain the full address of the original poster,
not just his name. That's how things were before the change, IIUC.
But, AFAIU, that had to change because some mail servers would refuse to
serve mail whose "From:" address differed from the "sender" field (which
is the list address in our case). Am I describing this correctly ? I
wonder how others handle this situation (in particular, how mailman and
similar tools deal with this themselves), given how frequent a use-case
this is...
Stefan
With the old system, many people were having issues with DMARC filtering
emails as-if they were spoof'd. In the recent couple years many
corporate accounts have moved to utilize DMARC as part of their inbound
authentication and the popularity continues to increase.
Unfortunately, Mail Lists normally break because the original sender's
domain DKIM signature doesn't match the Mail List. The most popular work
around is rewriting the From header field. We are doing that in the most
basic manner.
Hi Michael,

thanks for the explanation. So, if I understand correctly, the problem
is that some *senders* have their domains configured to ask recipients
to reject emails that don't pass DKIM or SPF? In other words, the
question is not how many organizations have DMARC for inbound
authentication, but how many users are sending emails to a mailing list
(which, by definition, forwards email with modifications) while also
requesting than any forwared with modifications emails are rejected by
recipients? How many such sending users/domains do we have?

I personally think it would be reasonable to just require that posters
don't use such domain configuration.

If that's not possible, can't we make Mailman not add any footers, and
don't add any DKIM signature of its own. Maybe, that will cause original
DKIM signature to remain valid and DMARC check to pass?

Thanks,
Volodya



_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Olaf van der Spek via Boost
2017-06-13 11:59:30 UTC
Permalink
On Tue, Jun 13, 2017 at 10:22 AM, Vladimir Prus via Boost
Post by Vladimir Prus via Boost
thanks for the explanation. So, if I understand correctly, the problem
is that some *senders* have their domains configured to ask recipients
to reject emails that don't pass DKIM or SPF? In other words, the question
is not how many organizations have DMARC for inbound authentication, but how
many users are sending emails to a mailing list
(which, by definition, forwards email with modifications) while also
requesting than any forwared with modifications emails are rejected by
recipients? How many such sending users/domains do we have?
I personally think it would be reasonable to just require that posters
don't use such domain configuration.
Doesn't gmail also use dmarc?
Post by Vladimir Prus via Boost
If that's not possible, can't we make Mailman not add any footers, and
don't add any DKIM signature of its own. Maybe, that will cause original
DKIM signature to remain valid and DMARC check to pass?
The original From header is still problematic AFAIK.
--
Olaf

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Vladimir Prus via Boost
2017-06-14 06:22:14 UTC
Permalink
Post by Olaf van der Spek via Boost
On Tue, Jun 13, 2017 at 10:22 AM, Vladimir Prus via Boost
Post by Vladimir Prus via Boost
thanks for the explanation. So, if I understand correctly, the problem
is that some *senders* have their domains configured to ask recipients
to reject emails that don't pass DKIM or SPF? In other words, the question
is not how many organizations have DMARC for inbound authentication, but how
many users are sending emails to a mailing list
(which, by definition, forwards email with modifications) while also
requesting than any forwared with modifications emails are rejected by
recipients? How many such sending users/domains do we have?
I personally think it would be reasonable to just require that posters
don't use such domain configuration.
Doesn't gmail also use dmarc?
It does, as can be seen at

https://dmarcian.com/dmarc-inspector/gmail.com

But that configuration (p=none) asks recipient servers to report back to
gmail about any problems they see, not drop email, whereas some
other email providers have "p=reject".
Post by Olaf van der Spek via Boost
Post by Vladimir Prus via Boost
If that's not possible, can't we make Mailman not add any footers, and
don't add any DKIM signature of its own. Maybe, that will cause original
DKIM signature to remain valid and DMARC check to pass?
The original From header is still problematic AFAIK.
It is my understanding that if you don't modify From header and don't
modify body, then DKIM will pass and SPF will fail, and it's enough
for one of the tests to pass.

- Volodya



_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Michael Caisse via Boost
2017-06-13 22:17:00 UTC
Permalink
Post by Vladimir Prus via Boost
Post by Michael Caisse via Boost
Post by Stefan Seefeld via Boost
The "From:" field could contain the full address of the original poster,
not just his name. That's how things were before the change, IIUC.
But, AFAIU, that had to change because some mail servers would refuse to
serve mail whose "From:" address differed from the "sender" field (which
is the list address in our case). Am I describing this correctly ? I
wonder how others handle this situation (in particular, how mailman and
similar tools deal with this themselves), given how frequent a use-case
this is...
Stefan
With the old system, many people were having issues with DMARC filtering
emails as-if they were spoof'd. In the recent couple years many
corporate accounts have moved to utilize DMARC as part of their inbound
authentication and the popularity continues to increase.
Unfortunately, Mail Lists normally break because the original sender's
domain DKIM signature doesn't match the Mail List. The most popular work
around is rewriting the From header field. We are doing that in the most
basic manner.
Hi Michael,
thanks for the explanation. So, if I understand correctly, the problem
is that some *senders* have their domains configured to ask recipients
to reject emails that don't pass DKIM or SPF? In other words, the
question is not how many organizations have DMARC for inbound
authentication, but how many users are sending emails to a mailing list
(which, by definition, forwards email with modifications) while also
requesting than any forwared with modifications emails are rejected by
recipients? How many such sending users/domains do we have?
I might have explained poorly. When the ML sends emails, it is the
receiving side (inbound) that is doing the check. The receiving server
confirms headers, checks the signature against what is in the original
sender's domain entries and then fails the message.

Some of the organizations/services that utilize DMARC: Microsoft, Yahoo,
Pixar, any thing through Rackspace, and gmail.

We are talking about some other solutions... but most of them are
horrible or short lived until the entire world moves to DMARC.

michael
--
Michael Caisse
Ciere Consulting
ciere.com

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Vladimir Prus via Boost
2017-06-14 06:40:08 UTC
Permalink
Post by Michael Caisse via Boost
Post by Vladimir Prus via Boost
Post by Michael Caisse via Boost
Post by Stefan Seefeld via Boost
The "From:" field could contain the full address of the original poster,
not just his name. That's how things were before the change, IIUC.
But, AFAIU, that had to change because some mail servers would refuse to
serve mail whose "From:" address differed from the "sender" field (which
is the list address in our case). Am I describing this correctly ? I
wonder how others handle this situation (in particular, how mailman and
similar tools deal with this themselves), given how frequent a use-case
this is...
Stefan
With the old system, many people were having issues with DMARC filtering
emails as-if they were spoof'd. In the recent couple years many
corporate accounts have moved to utilize DMARC as part of their inbound
authentication and the popularity continues to increase.
Unfortunately, Mail Lists normally break because the original sender's
domain DKIM signature doesn't match the Mail List. The most popular work
around is rewriting the From header field. We are doing that in the most
basic manner.
Hi Michael,
thanks for the explanation. So, if I understand correctly, the problem
is that some *senders* have their domains configured to ask recipients
to reject emails that don't pass DKIM or SPF? In other words, the
question is not how many organizations have DMARC for inbound
authentication, but how many users are sending emails to a mailing list
(which, by definition, forwards email with modifications) while also
requesting than any forwared with modifications emails are rejected by
recipients? How many such sending users/domains do we have?
I might have explained poorly. When the ML sends emails, it is the
receiving side (inbound) that is doing the check. The receiving server
confirms headers, checks the signature against what is in the original
sender's domain entries and then fails the message.
According to what I read, only if *sending side* requests to fail the
message with "p=reject" in DMARC DNS entry. Is it not true?

Also, according to what I read, if ML does not modify any headers and
does not modify body, and does not add its own DKIM signature, then DKIM
test will pass. Is it not true?

At present, it seems that mailing list:
- Adds footer (which breaks original DKIM signature)
- Adds its own DKIM signature (in fact, two)
- Modifies From header to "fix" things up.

I am asking whether we've tried to configure Mailman to try not
modifying anything at all, and act as close to perfect forwarding
as possible.
Post by Michael Caisse via Boost
Some of the organizations/services that utilize DMARC: Microsoft, Yahoo,
Pixar, any thing through Rackspace, and gmail.
According to:

https://dmarcian.com/dmarc-inspector/outlook.com
https://dmarcian.com/dmarc-inspector/exchange.microsoft.com

Microsoft has "p=none" as well. Gmail likewise. Only Yahoo has "p=reject".
Post by Michael Caisse via Boost
We are talking about some other solutions... but most of them are
horrible or short lived until the entire world moves to DMARC.
I am not 100% sure that Mailman can be configured to keep original
DKIM signature valid (and seems like its developers don't know either),
but it seems to me that loosing mailing list footer is better than
mangling From field, and therefore worth a try?

- Volodya



_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Olaf van der Spek via Boost
2017-06-14 10:13:13 UTC
Permalink
On Wed, Jun 14, 2017 at 8:40 AM, Vladimir Prus via Boost
Post by Vladimir Prus via Boost
- Adds footer (which breaks original DKIM signature)
- Adds its own DKIM signature (in fact, two)
- Modifies From header to "fix" things up.
[boost] subject prefix
--
Olaf

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Michael Caisse via Boost
2017-06-13 22:22:39 UTC
Permalink
Post by Vladimir Prus via Boost
If that's not possible, can't we make Mailman not add any footers, and
don't add any DKIM signature of its own. Maybe, that will cause original
DKIM signature to remain valid and DMARC check to pass?
I meant to respond to this part too:

This is what we used to do with the old ML when it was ran by IU. We
were dropping thousands of emails a day because of DMARC and we had
quite a number of complaints from individuals who used to be involved
with the list but could no longer receive emails.

As more companies are using DMARC, we will have to find a better solution.

michael
--
Michael Caisse
Ciere Consulting
ciere.com

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Olaf van der Spek via Boost
2017-06-14 10:15:07 UTC
Permalink
On Mon, Jun 12, 2017 at 10:32 PM, Michael Caisse via Boost
Post by Michael Caisse via Boost
We can consider some other possible changes; however, it is impolite to
modify the From field with an address that would indicate an individual
but represents the entire list.
Is it?

I get notifications from github with From: User Name <***@github.com>
It seems like the best solution.
--
Olaf

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Asbjørn via Boost
2017-06-14 10:55:00 UTC
Permalink
Post by Olaf van der Spek via Boost
On Mon, Jun 12, 2017 at 10:32 PM, Michael Caisse via Boost
Post by Michael Caisse via Boost
We can consider some other possible changes; however, it is impolite to
modify the From field with an address that would indicate an individual
but represents the entire list.
Is it?
It seems like the best solution.
I think it would greatly increase the chance of someone mistakenly sending
private mails to the list. That's not an issue with the github mail address.

Regards
- Asbjørn

_______________________________________________
Unsubscribe & other changes: http://lists.boost.
Olaf van der Spek via Boost
2017-06-14 11:01:11 UTC
Permalink
On Wed, Jun 14, 2017 at 12:55 PM, Asbjørn via Boost
Post by Asbjørn via Boost
Post by Olaf van der Spek via Boost
On Mon, Jun 12, 2017 at 10:32 PM, Michael Caisse via Boost
Post by Michael Caisse via Boost
We can consider some other possible changes; however, it is impolite to
modify the From field with an address that would indicate an individual
but represents the entire list.
Is it?
I get notifications from github with From: User Name
It seems like the best solution.
I think it would greatly increase the chance of someone mistakenly sending
private mails to the list. That's not an issue with the github mail address.
Why not? If you reply it ends up in the public issue tracker.
--
Olaf

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/ma
Asbjørn via Boost
2017-06-14 11:13:00 UTC
Permalink
Post by Olaf van der Spek via Boost
On Wed, Jun 14, 2017 at 12:55 PM, Asbjørn via Boost
Post by Asbjørn via Boost
I think it would greatly increase the chance of someone mistakenly sending
private mails to the list. That's not an issue with the github mail address.
Why not? If you reply it ends up in the public issue tracker.
In that case it has the same issue, one which I'd consider a defect. YMMV.

Regards
- Asbjørn


_______________________________________________
Unsubscribe & other chang

Loading...