Re: [mailop] Student trying to attend M3AAWG

2023-02-18 Thread Richard W via mailop 
Finally??  I think 19 hours from first mention to securing a confirmed 
pass is pretty amazing.


Richard

On 2023-02-18 4:11 p.m., Alex Liu via mailop wrote:

Finally got a pass :) thanks everyone for your help!!

On Fri, Feb 17, 2023 at 19:00 Alex Liu > wrote:


Hi Everyone,

My name is Alex and I’m a student at UCSD. I recently found out
about M3AAWG. It’s agenda is very really related to what I’ve been
doing (my research:https://alexliu0809.github.io/publications/#/
). However, it seems
like registration is not open to students who are not part of a
member company. Is there still a way to register for it (e.g.,
through an invitation)? Any help would be appreciated. Thanks!
-- 
Regards,

*Enze "**Alex" **Liu*
PhD Student
Department of Computer Science and Engineering
e7...@eng.ucsd.edu 
University of California, San Diego

--
Regards,
*Enze "**Alex" **Liu*
PhD Student
Department of Computer Science and Engineering
e7...@eng.ucsd.edu 
University of California, San Diego

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Student trying to attend M3AAWG

2023-02-18 Thread Alex Liu via mailop 
Finally got a pass :) thanks everyone for your help!!

On Fri, Feb 17, 2023 at 19:00 Alex Liu  wrote:

> Hi Everyone,
>
> My name is Alex and I’m a student at UCSD. I recently found out about M3AAWG.
> It’s agenda is very really related to what I’ve been doing (my research:
> https://alexliu0809.github.io/publications/#/). However, it seems like
> registration is not open to students who are not part of a member company.
> Is there still a way to register for it (e.g., through an invitation)? Any
> help would be appreciated. Thanks!
> --
> Regards,
> *Enze "**Alex" **Liu*
> PhD Student
> Department of Computer Science and Engineering
> e7...@eng.ucsd.edu
> University of California, San Diego
>
-- 
Regards,
*Enze "**Alex" **Liu*
PhD Student
Department of Computer Science and Engineering
e7...@eng.ucsd.edu
University of California, San Diego
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DKIM record IONOS

2023-02-18 Thread H via mailop 
On February 18, 2023 9:08:40 AM EST, Mark Alley via mailop  
wrote:
>On 2/17/2023 9:27 PM, H wrote:
>> On February 16, 2023 8:57:49 PM EST, Mark Alley via
>mailop  wrote:
>>> As long as the organizational domain you want reports for is the
>same
>>> as
>>> you have published in the DMARC RUA/RUF "mailto" tags, then no, you
>do
>>> not
>>> need it to be able to receive said reports.
>>> 
>>> - Mark Alley
>>> 
>>> On Thu, Feb 16, 2023, 7:47 PM H  wrote:
>>> 
 On February 16, 2023 6:37:42 PM EST, Mark Alley via mailop <
 mailop@mailop.org> wrote:
> You only need to create that record if you are sending the
> aggregate/failure reports for a particular domain that is
>different
> from
> the one the reports are actually on behalf of.
> 
> So for example, if you owned domain1.com and wanted to send
>RUA/RUF
> reports
> for domain1.com to a mailbox at domain2.com (assuming you own
>>> domain2),
> you
> would need to create the TXT record in domain2 -
> "domain1.com._report._
> dmarc.domain2.com" IN TXT "v=DMARC1;"
> 
> If you're using an external third party for report analysis,
>usually
> they
> have a wildcard published in their DNS for this "_report._dmarc"
> subdomain,
> so you don't have to worry about it in that case.
> 
> 
> - Mark Alley
> 
> 
> On Thu, Feb 16, 2023, 4:14 PM H via mailop
>>> wrote:
>> On 02/11/2023 07:42 PM, H wrote:
>> 
>> On 02/11/2023 01:55 AM, Gellner, Oliver via mailop wrote:
>> 
>> 
>> On 2023-02-11 02:51 H via mailop wrote:
>> 
>> 
>> On 02/10/2023 10:13 AM, Gellner, Oliver via mailop wrote:
>> 
>> On 2023-02-10 04:08, H via mailop wrote:
>> 
>> I now did find that resource but it is written as general
>>> information
> and does not really tell how to get it going with IONOS if they
>run
>>> the
> email server...
>> As far as I understood you not only use Ionos as your registrar,
>>> but
> also use their email server to send your email through. Ionos does
>>> not
> DKIM sign emails on behalf of its customers, at least they didn't
>do
>>> so
> in the past. So the answer is simple: You do not set up DKIM or
>>> DMARC
> at all, because you can't.
>> The instructions given by Ionos are only valid if your email is
>>> sent
> and signed by some other server and you want to add the DKIM
>public
>>> key
> to your domain hosted at Ionos.
>> --
>> BR Oliver
>> 
>> Thank you, you are starting with the first issue, ie whether I
>can
> even
>> have a DKIM record given that the domain is hosted by Ionos as is
>>> the
> mail
>> server. Upon my additional research I have come to the same
> conclusion as
>> you, ie not possible.
>> 
>> By the way, I stumbled across this posting on the net -
>> 
>>>
>https://serverfault.com/questions/1030262/record-dkim-on-ionos-makes-sense
>> - that as far as I can tell is still true.
>> 
>> So, I will now look at creating a DMARC record given that I have
>> previously created a SPF record and will not be able to have a
>>> DKIM
> record.
>> I recommend against setting up a DMARC record with a policy of
> quarantine
>> or reject as long as DKIM signing isn‘t in place. The SPF
> authentication
>> will break for all forwarded messages as well as for all
>automatic
> replies
>> or non-delivery reports. It will do mire harm than good.
>> Of course if you‘re interested in the reporting you can create a
> DNARC
>> record with a none policy and only change that after you have
>>> moved
> to a
>> different email provider who supports DKIM.
>> 
>> —
>> BR Oliver
>> 
>> --
>> dmTECH GmbH
>> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232
>>> Karlsruhe
>> Telefon 0721 5592-2500 Telefax 0721 5592-2777
>> dmt...@dm.de*www.dmTECH.de 
>
>> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
>> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman
>Melcher
>> --
>> Datenschutzrechtliche Informationen
>> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an
>>> unser
>> ServiceCenter Fragen haben, bei uns einkaufen oder unser
>>> dialogicum
> in
>> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung
>>> stehen
> oder
>> sich bei uns bewerben, verarbeiten wir personenbezogene Daten.
>> Informationen unter anderem zu den konkreten Datenverarbeitungen,
>> Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer
>> Datenschutzbeauftragten finden Sie hier
>> 
> <
>>>
>https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>
>> .
>> 
>> 
>> ___
>> mailop mailing
>

Re: [mailop] Should mailing list messages be DKIM signed? (ARC / DKIM)

2023-02-18 Thread Benny Pedersen via mailop 

Alessandro Vesely via mailop skrev den 2023-02-18 13:49:

Mailman cannot verify SPF.


envelope sender changes on nexthop, no ?

so why is it important ?

if you meant not to accept spf fail posters, this is still in mta stage 
to be enforced if wanted not to accept it

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Student trying to attend M3AAWG

2023-02-18 Thread John Levine via mailop 
It appears that Andrew Barrett via mailop  said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Send a message to Robin at registrat...@m3aawg.org. She may be able to help
>you, but if registration is closed, it might be too late. Never hurts to
>ask though.

Be sure and explain *why* you want to come.

M3AAWG meetings are generally open only to members, and the sessions
are deliberately not public so the members can talk about security
issues without leaking details to the world.

They do sometimes have guest passes but you need a pretty good reason to get 
one.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DKIM record IONOS

2023-02-18 Thread Mark Alley via mailop 
On 2/17/2023 9:27 PM, H wrote:
> On February 16, 2023 8:57:49 PM EST, Mark Alley via mailop 
>  wrote:
>> As long as the organizational domain you want reports for is the same
>> as
>> you have published in the DMARC RUA/RUF "mailto" tags, then no, you do
>> not
>> need it to be able to receive said reports.
>> 
>> - Mark Alley
>> 
>> On Thu, Feb 16, 2023, 7:47 PM H  wrote:
>> 
>>> On February 16, 2023 6:37:42 PM EST, Mark Alley via mailop <
>>> mailop@mailop.org> wrote:
 You only need to create that record if you are sending the
 aggregate/failure reports for a particular domain that is different
 from
 the one the reports are actually on behalf of.
 
 So for example, if you owned domain1.com and wanted to send RUA/RUF
 reports
 for domain1.com to a mailbox at domain2.com (assuming you own
>> domain2),
 you
 would need to create the TXT record in domain2 -
 "domain1.com._report._
 dmarc.domain2.com" IN TXT "v=DMARC1;"
 
 If you're using an external third party for report analysis, usually
 they
 have a wildcard published in their DNS for this "_report._dmarc"
 subdomain,
 so you don't have to worry about it in that case.
 
 
 - Mark Alley
 
 
 On Thu, Feb 16, 2023, 4:14 PM H via mailop
>> wrote:
> On 02/11/2023 07:42 PM, H wrote:
> 
> On 02/11/2023 01:55 AM, Gellner, Oliver via mailop wrote:
> 
> 
> On 2023-02-11 02:51 H via mailop wrote:
> 
> 
> On 02/10/2023 10:13 AM, Gellner, Oliver via mailop wrote:
> 
> On 2023-02-10 04:08, H via mailop wrote:
> 
> I now did find that resource but it is written as general
>> information
 and does not really tell how to get it going with IONOS if they run
>> the
 email server...
> As far as I understood you not only use Ionos as your registrar,
>> but
 also use their email server to send your email through. Ionos does
>> not
 DKIM sign emails on behalf of its customers, at least they didn't do
>> so
 in the past. So the answer is simple: You do not set up DKIM or
>> DMARC
 at all, because you can't.
> The instructions given by Ionos are only valid if your email is
>> sent
 and signed by some other server and you want to add the DKIM public
>> key
 to your domain hosted at Ionos.
> --
> BR Oliver
> 
> Thank you, you are starting with the first issue, ie whether I can
 even
> have a DKIM record given that the domain is hosted by Ionos as is
>> the
 mail
> server. Upon my additional research I have come to the same
 conclusion as
> you, ie not possible.
> 
> By the way, I stumbled across this posting on the net -
> 
>> https://serverfault.com/questions/1030262/record-dkim-on-ionos-makes-sense
> - that as far as I can tell is still true.
> 
> So, I will now look at creating a DMARC record given that I have
> previously created a SPF record and will not be able to have a
>> DKIM
 record.
> I recommend against setting up a DMARC record with a policy of
 quarantine
> or reject as long as DKIM signing isn‘t in place. The SPF
 authentication
> will break for all forwarded messages as well as for all automatic
 replies
> or non-delivery reports. It will do mire harm than good.
> Of course if you‘re interested in the reporting you can create a
 DNARC
> record with a none policy and only change that after you have
>> moved
 to a
> different email provider who supports DKIM.
> 
> —
> BR Oliver
> 
> --
> dmTECH GmbH
> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232
>> Karlsruhe
> Telefon 0721 5592-2500 Telefax 0721 5592-2777
> dmt...@dm.de*www.dmTECH.de  
> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher
> --
> Datenschutzrechtliche Informationen
> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an
>> unser
> ServiceCenter Fragen haben, bei uns einkaufen oder unser
>> dialogicum
 in
> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung
>> stehen
 oder
> sich bei uns bewerben, verarbeiten wir personenbezogene Daten.
> Informationen unter anderem zu den konkreten Datenverarbeitungen,
> Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer
> Datenschutzbeauftragten finden Sie hier
> 
 <
>> https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>
> .
> 
> 
> ___
> mailop mailing
 listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop
> I see. As I am sure everyone has noticed, I am a complete newbie
>> to
> SPF/DKIM/DMARC (and a lot of other things.)
> 
> Understanding your message,

Re: [mailop] Should mailing list messages be DKIM signed? (ARC / DKIM)

2023-02-18 Thread Alessandro Vesely via mailop 

On Fri 17/Feb/2023 17:07:33 +0100 Patrick Ben Koetter wrote:

Greetings,

I'm about to setup a new mailing list server. It will use Mailman 3, which is
able to add ARC signatures to incoming messages. The lists will also rewrite
the From:-header and to match the lists name and domain. I'm unsure if
outbound messages should also be DKIM signed or does it suffice to add ARC
signatures?



The reason ARC was proposed is to avoid rewriting the From: header.  If you're 
willing to experiment on this, you can create two sibling lists[*], one of 
which rewrites From: while the other does not.  Subscribers choose which list 
the prefer, based on their MTA capability of redeeming a broken DKIM after ARC 
reports it was good on arrival.  You're better off testing MTA capabilities 
before allowing subscriptions on the non-munging list.


Only the non-munging list requires ARC.  Anyway, beware of Mailman's ARC 
implementation.  It was coded as a proof of concept, but is not to be used in 
production.  Indeed, you need an ARC-signer which trusts the 
Authentication-Results obtained by the bastion host and, after list 
transformations, turns them into ARC-Authentication-Results.  Mailman cannot 
verify SPF.


ARC is experimental.  If you don't want to experiment, there's no reason to use 
it.  DKIM is enough.


Best
Ale
--

[*] The suggested method to manage two sibling lists is to put them as 
sub-lists under an umbrella list.  The latter has the former two as its only 
subscribers, and won't accept more.  Both sibling lists accept subscribers 
under the site and list policy.  The umbrella list accepts posts.  The sibling 
lists don't, and advertise the umbrella list as the destination for posts.  (It 
would be simpler if mailman had a subscriber option about From: munging, but 
they won't develop it if nobody tries it, a chicken and egg problem.)




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Should mailing list messages be DKIM signed? (ARC / DKIM)

2023-02-18 Thread Ralph Seichter via mailop 
* Patrick Ben Koetter via mailop:

> I'm about to setup a new mailing list server. It will use Mailman 3,
> which is able to add ARC signatures to incoming messages. The lists
> will also rewrite the From:-header and to match the lists name and
> domain. I'm unsure if outbound messages should also be DKIM signed or
> does it suffice to add ARC signatures?

DKIM signature tests appear to be more common than ARC support on the
receiving end of things. If Mailman 3 is rewriting the message headers
correctly, which I don't doubt, I see no reason not to add both ARC and
DKIM signatures, especially when the ML continues to prepend "[mailop]"
to message subject lines and thereby invalidates existing DKIM
signatures.

-Ralph
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop