Thank you for adding it to the discussion points!
On Fri, Mar 3, 2023 at 6:08 PM Katrin Fischer <katrin.fischer...@web.de> wrote: > I have added the DMARC issue to the agenda for the next developer IRC > meeting, but we might need the people running our mailservers to weigh in: > > https://wiki.koha-community.org/wiki/Development_IRC_meeting_9_March_2023 > > Hope this helps, > > Katrin > > On 27.02.23 15:49, Coehoorn, Joel wrote: > > FWIW, I'm seeing the same thing for our "york.edu" domain, but only for > the > > last couple of months. The list used to handle this correctly. > > > > *Joel Coehoorn* > > Director of Information Technology > > *York University* > > Office: 402-363-5603 | jcoeho...@york.edu | york.edu > > > > > > > > On Mon, Feb 27, 2023 at 8:00 AM David Liddle <da...@liddles.net> wrote: > > > >> Greetings, all! > >> > >> At the encouragement of one of the mailing list administrators, I > >> would like to present a situation and a proposal to you all. > >> > >> Normally, I would write from my work account, david.lid...@wycliff.de, > >> since one of the hats I wear is that of a Koha system administrator. > >> One of my other hats, however, is that of the email administrator for > >> our corporate domains. And the latter hat has precedence over the > >> former. > >> > >> To help protect our email domains from being used fraudulently, I have > >> implemented DMARC policies according to current recommendations. You > >> can read more about the Domain-based Message Authentication, Reporting > >> & Conformance protocol at https://dmarc.org/. The policies direct that > >> only messages from authorized sources should be allowed to send mail > >> from wycliff.de and our other domains; messages from all unauthorized > >> sources should be quarantined. > >> > >> With DMARC policies in place, messages that I send from my work > >> account to the Koha mailing list get quarantined by email providers > >> that comply with the policies' directives. Why? It happens because the > >> Koha mailing list spoofs the email address of the original sender. As > >> a result, there is a significant number of subscribers who did not > >> receive the messages at all or had to fetch them from quarantine. Some > >> unknown number will have been marked as spam. > >> > >> There are well-meaning reasons for this behavior within an honest, > >> friendly community such as the Koha mailing list. However, email > >> spoofing is one of the chief means by which fraudsters engage in > >> phishing, data exfiltration, and ransomware attacks. In my opinion, > >> the Koha community ought to avoid the practice of email spoofing. > >> Therefore, I have a proposal to make: > >> > >> -- The Koha Mailing List is based on the Mailman list system. > >> According to its release notes, Mailman 2.1 supports what the > >> developers call "DMARC mitigations". > >> -- Mailman DMARC Mitigations are described here: > >> > >> > https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/dmarc-mitigations.html > >> ++ I PROPOSE that the mailing list subscribers support the > >> implementation of DMARC mitigations to the Koha mailing list. > >> -- The result of the implementation would be that messages submitted > >> to the list would no longer spoof the sender's address, but rather be > >> altered so that the messages come from the list's own address, > >> koha@lists.katipo.co.nz. They *should* be delivered successfully to > >> all recipients. A reply to the message would return to the list, and a > >> reply to all could include the original sender's address explicitly. > >> -- If you agree (or disagree) with this proposal, you'll need to > >> indicate that in your own clever way, because there's no voting > >> mechanism in a mailing list. > >> > >> Thank you for being so kind and forbearing as to read this far! I hope > >> that you'll give my proposal your earnest consideration. > >> > >> Regards, > >> > >> David Liddle > >> > >> > >> After-credits scene: > >> > >> For you intrepid readers, I would like to boldly suggest something > >> even more daring than changing the list's sending practices. Please > >> consider changing the platforms of the Koha email and chat discussions > >> to one such as Discourse: > >> > >> -- The Discourse software and community seems to have a fair bit in > >> common with the character and nature of Koha's. You can read more > >> about the platform at https://www.discourse.org/. > >> -- Not only is it a web forum, but it can handle email submissions, > >> replies, notifications, and digests. (And it would always send from a > >> legitimate address.) > >> -- It has migration tools that appear able to import archives such as > >> those used by this list. > >> -- It has chat integration for real-time messaging that can also be > >> perused later. > >> -- It has functions for search, categorization, and groups that a > >> mailing list does not. > >> _______________________________________________ > >> > >> Koha mailing list http://koha-community.org > >> Koha@lists.katipo.co.nz > >> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > >> > > _______________________________________________ > > > > Koha mailing list http://koha-community.org > > Koha@lists.katipo.co.nz > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > _______________________________________________ > > Koha mailing list http://koha-community.org > Koha@lists.katipo.co.nz > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha