no more subject prefix for xetex mailing list
Peter von Kaehne
refdoc at gmx.net
Mon Mar 4 14:27:59 CET 2019
The solution JISCMAIL uses is following:
From: "VON KAEHNE, Peter (NHS .... )" <
0......0-dmarc-request at JISCMAIL.AC.UK>
Reply-To: Rural General Practitioners Association of Scotland <
RGPAS at JISCMAIL.AC.UK>
To: RGPAS at JISCMAIL.AC.UK
Subject: Re: [RGPAS] ....
The From header is rewritten and a unique code for the email used. I am
not sure if this new "address" has any function of any sort.
A ReplyTo header is added with the list address.
I am receiving this list on NHS-net which is a major user of
Microsoft's corporate email provider. The settings are paranoid and
have always been. I received many DMARC related warnings on that list
while MS and the NHS slowly tightened the rules until JISCMAIL was
amending its processing of mailing lists.
Peter
On Mon, 2019-03-04 at 11:21 +0100, Zdenek Wagner wrote:
> Hi,
>
> I am afraid that the subject prefix is just one of several reasons. I
> have just examined the recent reply by Norbert Preining. Gmail
> reports:
> SPF: PASS, DKIM: FAIL, DMARC: FAIL.
>
> Further examination shows that the mail was sent from 91.121.174.77
> which is listed in SPF as a permitted sender for tug.org. DKIM is
> taken from the original sender, i.e. from logic.at. The
> authentication
> header says:
>
> Authentication-Results: mx.google.com;
> dkim=fail header.i=@logic.at header.s=dkim header.b=nSpPkmsD;
> spf=pass (google.com: domain of
> tex-live-bounces+zdenek.wagner=gmail.com at tug.org designates
> 91.121.174.77 as permitted sender)
> smtp.mailfrom="tex-live-bounces+zdenek.wagner=gmail.com at tug.org";
> dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=logic.at
>
> The detailed description of the signature says:
>
> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=logic.at;
> s=dkim; t=1551675717;
> bh=btyCANRBRIWj8PY5MX1c7XBCEyZHPpgSm6TopL4NIjQ=;
> h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
> b=nSpPkmsDIdLW56sQ7c6w1PYZRv4qx58amqMrkT7KIkyFd1Uk+58yr9bMjE/E7YCHf
> xlITlT1MoM5mG2pQDbdKshrzhCRF6UfymeZprptomBVtf6LBt2CuCkA+ijLG7+eEZ3
> lEN5uexB1G72AqYiihhbTrpK2pyqh1y6j54EC+CI=
>
> "h" shows the list of the header fields that were signed by the
> logic.at sender. If any of them is changed by the listserv, the
> signature becomes invalid. The sender decides in the corresponding
> TXT
> record in the DNS what to do with such mails, it may be allowed to
> accept them but the receivers can have stricter policy and reject
> them.
>
> I do not know how to solve it. Probably the listserv should verify
> DMARC of a submitted message. If it decides to accept the mail and
> distribute it, the original signature should be removed, From should
> be modified so that DKIM is taken from tug.org and the headers should
> get a new signature.
>
> I am not an expert, it took me a long time to configure my sendmail
> to
> provide correct DMARC but this may be the way.
>
>
>
> Zdeněk Wagner
> http://ttsm.icpf.cas.cz/team/wagner.shtml
> http://icebearsoft.euweb.cz
>
> po 4. 3. 2019 v 7:02 odesílatel Peter von Kaehne <refdoc at gmx.net>
> napsal:
> > On Sun, 2019-03-03 at 16:05 -0700, Karl Berry wrote:
> > > Hi - I've removed the "[XeTeX]" prefix on Subject lines from this
> > > mailing list (xetex)'s messages. It is my hope that this will
> > > reduce
> > > the ever-increasing flood of dmarc failures
> > > (https://en.wikipedia.org/wiki/DMARC).
> >
> > Isn't the problem with DMARC around the FROM: header? I can not see
> > how
> > altering the subject line is going to make a blind bit of
> > difference
> > when the real problem is that the FROM header still points at the
> > author's domain.
> >
> > Peter
> >
More information about the XeTeX
mailing list