www-infrastructure-dev mailing list archives

From Joe Schaefer <joe_schae...@yahoo.com.INVALID>
Subject Re: [DISCUSS] Y! DMARC solution preferences
Date Mon, 02 Jun 2014 01:59:50 GMT
So basically I changed the script to do dynamic DMARC policy
lookups, so there's no longer a need to hard-code domains as
the issue changes over time.



On Sunday, June 1, 2014 9:04 PM, Joe Schaefer <joe_schaefer@yahoo.com.INVALID> wrote:
 

>
>
>Doing some digging yielded the following additional domains with
>a p=reject DMARC policy:
>
>twitter.com
>facebook.com
>linkedin.com
>
>
>
>
>
>On Sunday, June 1, 2014 7:54 PM, Joe Schaefer <joe_schaefer@yahoo.com.INVALID> wrote:
>
>
>>
>>
>>Check libcloud lists for the -f option and general@incubator
>>for -t.  Trailers (-t) are far more common than -f (Subject prefix).
>>
>>
>>
>>
>>On Sunday, June 1, 2014 7:51 PM, sebb <sebbaz@gmail.com> wrote:
>>
>>
>>>
>>>
>>>On 2 June 2014 00:45, Joe Schaefer <joe_schaefer@yahoo.com.invalid> wrote:
>>>> No sebb, check the list archives on people.apache.org.  The
>>>> difference is that you received a courtesy-copy directly from
>>>> me for certain messages.
>>>>
>>>
>>>OK I see.
>>>
>>>What about the -f and -t options?
>>>
>>>
>>>>
>>>> On Sunday, June 1, 2014 7:42 PM, sebb <sebbaz@gmail.com> wrote:
>>>>
>>>>
>>>>>
>>>>>
>>>>>On 2 June 2014 00:18, Joe Schaefer <joe_schaefer@yahoo.com> wrote:
>>>>>> This list strips text/html attachments for example, which would need to stop.
>>>>>
>>>>>However, it does not _always_ seem to strip HTML multipart sections.
>>>>>For example, message IDs
>>>>>
>>>>>Message-ID: <1401663850.81707.YahooMailNeo@web121802.mail.ne1.yahoo.com>
>>>>>and
>>>>>Message-ID: <1401664711.9264.YahooMailNeo@web121806.mail.ne1.yahoo.com>
>>>>>
>>>>>in this thread have HTML alternatives, whereas the first message in
>>>>>the thread does not have an HTML alternative
>>>>>
>>>>>Perhaps a bug in ezmlm?
>>>>>
>>>>>The -x option does not affect all messages, as some people post in plain text.
>>>>>So it's not always obvious.
>>>>>
>>>>>It would also be useful to see the effect of not having the -f and -t options.
>>>>>Do any lists use -f (subject prefixing)?
>>>>>What about -t (trailers)?
>>>>>
>>>>>
>>>>>>
>>>>>> On Sunday, June 1, 2014 7:17 PM, sebb <sebbaz@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 2 June 2014 00:04, Joe Schaefer <joe_schaefer@yahoo.com> wrote:
>>>>>>> board@, members@, infrastructure@, dev@httpd are fine as-is.
>>>>>>> About half of them need no changes, but many of those
>>>>>>> that do are public, like this list.
>>>>>>>
>>>>>>
>>>>>> I cannot say I have noticed a difference between infra and infra-dev.
>>>>>> What are the infra-dev feature(s) that would need to be dropped?
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sunday, June 1, 2014 7:01 PM, sebb <sebbaz@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 1 June 2014 23:52, Joe Schaefer <joe_schaefer@yahoo.com.invalid> wrote:
>>>>>>>> Talking to a few people about this privately, it seems that
>>>>>>>> there is a perception that munging Y! From headers is the
>>>>>>>> least invasive option of the two.
>>>>>>>>
>>>>>>>> But this is a brand-spanking new issue and it's hard to gauge
>>>>>>>> how service providers will react.  Y! could step back, or others
>>>>>>>> could step on board.  The only real future-proof option is to
>>>>>>>> change list configs to no longer alter content or headers, but
>>>>>>>> I want to let the community weigh in on their preferences before
>>>>>>>> taking action.
>>>>>>>>
>>>>>>>
>>>>>>> Are there examples of lists that don't change headers/content that we
>>>>>>> can look at?
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sunday, June 1, 2014 5:28 PM, Joe Schaefer
>>>>>>>> <joe_schaefer@yahoo.com.INVALID> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>If there are any questions or comments about this issue,
>>>>>>>>>let's place them on this thread.
>>>>>>>>>
>>>>>>>>>The underlying issue is that in about mid-April Yahoo! (and now AOL)
>>>>>>>>>changed their DNS-advertised DMARC policy for their domain to REJECT
>>>>>>>>>messages that fail the DMARC tests (revolving around SPF and DKIM).  SPF is
>>>>>>>>>a non-issue for us currently, but DKIM is because it's a signed hash of
>>>>>>>>>various headers and the message body itself - things which some of our lists
>>>>>>>>>are configured to alter by choice.
>>>>>>>>>
>>>>>>>>>What the POLL offers is a choice of redress plan: either we can munge Y!
>>>>>>>>>From addresses to avoid their DMARC policy check, or we can reconfigure
>>>>>>>>>our lists not to alter the message in any way.  It looks like Y! is committed
>>>>>>>>>to this policy change so the onus is on us, if we still want to ensure Y! users'
>>>>>>>>>messages are deliverable to us, to change how we operate roughly 50% of
>>>>>>>>>our available lists.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>On Sunday, June 1, 2014 12:24 PM, Joe Schaefer
>>>>>>>>> <joe_schaefer@yahoo.com.INVALID> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>Everyone is welcome to participate in this poll as
>>>>>>>>>>it affects a wide cross-section of the org.  Please
>>>>>>>>>>cast your vote on one of the following 2 choices:
>>>>>>>>>>
>>>>>>>>>>[ ] - enable Y! "From" and "DKIM-Signature" header munging,
>>>>>>>>>>      impacting only Y! mailing list authors in a minimal way
>>>>>>>>>>      (see THIS MESSAGE's headers for actual details of the changes)
>>>>>>>>>>
>>>>>>>>>>[ ] - change configurations to "-FXT", disabling all message munging
>>>>>>>>>>      for everyone equally
>>>>>>>>>>
>>>>>>>>>>See corresponding discussion on infrastructure@
>>>>>>>>>>for details of affected lists and more information
>>>>>>>>>>on the choices available.  Thx.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>
>>
>
>
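
The dynamic DMARC policy lookup mentioned at the top of this message, together with the reason a list trailer breaks DKIM, as an added example that is not part of the original thread and is not the script the thread refers to. The DNS records, domain names, trailer text and function names are constructed, and the two-label organizational-domain fallback is a simplifying assumption.

```python
import base64
import hashlib

# Constructed sample TXT records keyed by query name (not real DNS data).
SAMPLE_DNS = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; sp=none; rua=mailto:agg@strict.example",
    "_dmarc.lenient.example": "v=DMARC1; p=none",
}
TRAILER = b"--\r\nTo unsubscribe, e-mail: list-unsubscribe@lists.example\r\n"  # constructed

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a usable record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" and "p" in tags else None

def effective_policy(domain, lookup=SAMPLE_DNS.get):
    """Policy applied to mail whose From: address is in `domain`."""
    domain = domain.lower().rstrip(".")
    record = parse_dmarc(lookup("_dmarc." + domain) or "")
    if record:
        return record["p"].lower()
    # Assumption: organizational domain = last two labels. A real resolver
    # needs the Public Suffix List for this step.
    org = ".".join(domain.split(".")[-2:])
    record = parse_dmarc(lookup("_dmarc." + org) or "") if org != domain else None
    if record:
        return record.get("sp", record["p"]).lower()  # sp= governs subdomains
    return "none"

def needs_from_munging(from_addr, list_alters_message):
    """Munge only when the list breaks DKIM and the author's domain says reject."""
    domain = from_addr.rsplit("@", 1)[-1]
    return bool(list_alters_message) and effective_policy(domain) == "reject"

def dkim_body_hash(body):
    """bh= value for DKIM 'simple' body canonicalization with SHA-256."""
    while body.endswith(b"\r\n\r\n"):  # drop empty lines at the end of the body
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()
```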