> From: "Franck Martin"
> To: "José Ferreira"
> Cc: dmarc@ietf.org
> Sent: Thursday, November 27, 2014 7:15:38 PM
> > opendkim[5120]: 3jnzZZ1h1Lz2pG1f: can't parse From: header value '
> > MAILER-DAEMON (Mail Delivery System)'
>
> > With DefaultSender set you can overcome this.
>
> see point
- Original Message -
> From: "José Ferreira"
> To: dmarc@ietf.org
> Sent: Wednesday, November 26, 2014 4:35:35 PM
> Subject: Re: [dmarc-ietf] Indirect Mail Flows
> Funny you mention it
> Postfix doesn't have that issue. It can sign bounces, opendkim r
- Original Message -
> From: "Murray S. Kucherawy"
> To: "Franck Martin"
> Cc: "Sam Silberman" , dmarc@ietf.org,
> "Elizabeth Zwicky"
> Sent: Wednesday, November 26, 2014 10:07:40 PM
> Subject: Re: [dmarc-ietf] Indirect Mail Flo
- Original Message -
> From: "Murray S. Kucherawy"
> To: "Franck Martin"
> Cc: "Sam Silberman" , dmarc@ietf.org,
> "Elizabeth Zwicky"
> Sent: Wednesday, November 26, 2014 2:07:40 PM
> Subject: Re: [dmarc-ietf] Indirect Mail Flo
On Wed, Nov 26, 2014 at 1:23 PM, Franck Martin
wrote:
> My experience points to the difficulty of DKIM signing bounces. It is
> notoriously known that postfix cannot DKIM sign the messages it
> generates(MDN).
>
sendmail also has this limitation. The reason for both is that the plugin
interface
- Original Message -
> From: "Elizabeth Zwicky"
> To: "Sam Silberman" , dmarc@ietf.org
> Sent: Wednesday, November 26, 2014 10:08:16 AM
> Subject: Re: [dmarc-ietf] Indirect Mail Flows
>
>
>
> By my calculation, purely indirect mail --
By my calculation, purely indirect mail -- mail that never authenticated -- is
a more frequent problem than mail that was broken along the way.
If I take a day's worth of data for a couple of end-user domains at p=reject
and average them together, and the same for p=none, I get this table:
On Nov 14, 2014, at 8:55 PM, Stephen J. Turnbull wrote:
> Silberman, Sam writes:
>
>> They have no $$, so they use a free mail service (
>> p...@dmarc-protected-mailservice.com)
>
> which is a specifically deprecated use-case in the DMARC document (and
> at least some such services are we
Silberman, Sam writes:
> Previous posts have suggested this is a small problem.
I'm not quite sure what "this" refers to, but I think that is unfair.
Several of us have repeatedly insisted on the importance of aspects of
the issue other than the ones that get the most discussion, despite
our per
In anticipation of today's DMARC WG meeting, I want to highlight one of
the many important use cases. Specifically:
Use of "unrelated" outbound SMTP servers
Commercial email using free email address
Newspaper Sites
Reference wiki:
https://tools.i
On 09/11/2014 07:41 PM, Hector Santos wrote:
For multiple decades, starting with mail systems predating RFC822, with everyone one of
them there was a common mail engineering taboo, "thou shall not tamper with
mail" and one of the primary anchoring fields, the author of the message was a
princ
I used to get this error message no matter what email address I typed in :
--cut--
Password request failed
The automatic login and password service failed; manual intervention is
needed. Please send a mail to webmas...@tools.ietf.org and explain the
situation for further assistance.
--cut--
Gave
On 09/18/2014 07:30 PM, Stephen J. Turnbull wrote:
I was referring to
http://trac.tools.ietf.org/wg/dmarc/trac/wiki/MilestoneOneWiki
I had no trouble working through the automated sign-up. What trouble
(error message?) are you having with your email address(es)?
- Roland
John Levine writes:
> If you're referring to the ASRG wiki, the person responsible for it is
> me. I am unaware of any signup problems, and there are multiple
> people contributing to it.
I'm not sure what ASRG refers to, perhaps http://wiki.asrg.sp.am/?
I was referring to
http://trac.tools
I've added an indirect mail flow page to the ASRG wiki. If you don't
have a password to log in and edit, write to me and I'll give you one.
>> >IMO, the place to record the inventory is the wiki. Mailing lists are
>> >not a good place to keep such records.
>> I would love to add it to the Wiki,
On Wed, Sep 17, 2014 at 10:33 PM, Henrik Schack
wrote:
>
> >it's nice to see how many respondents in this thread gave all sorts of
>> advise to Henrik how to deal with a problem, which basically cannot solved
>> by him because it is caused by some 3rd party (modifying the body of a mail
>> for ad
>
>
> >IMO, the place to record the inventory is the wiki. Mailing lists are
> >not a good place to keep such records.
> I would love to add it to the Wiki, unfortunately the Wiki signup features
> seems to be broken, wont accept any of my email addresses.
>
And the person responsible does not res
>
> >it's nice to see how many respondents in this thread gave all sorts of
> advise to Henrik how to deal with a problem, which basically cannot solved
> by him because it is caused by some 3rd party (modifying the body of a mail
> for adv. purposes).
> >
> >I interpreted Henrik's mail as a follow
Rolf E. Sonneveld writes:
> started, titled 'Indirect mail flows'. In my view both John and Henrik
> tried to make (a start of) an inventory of all sorts of real-life
> situations that potentially can break DKIM signatures or more in
> general: cause DMARC failures for legitimate mail flows
y, September 15, 2014 5:27 PM
To: Terry Zink; Murray S. Kucherawy
Cc: dmarc@ietf.org; John Levine; hen...@schack.dk
Subject: Re: [dmarc-ietf] Indirect mail flows: DKIM signature breakage by cloud
anti-virus/spam provider
On 9/15/2014 5:26 PM, Terry Zink wrote:
Having the "Virus scanned by
All,
On 09/15/2014 07:39 PM, Henrik Schack wrote:
In Denmark we have a somewhat large (10K+ domains) anti-virus/spam
provider breaking DKIM signatures.
They break DKIM signatures on incoming email by adding a "Virus
scanned by " line to the body of the email.
Not sure how to fix this, but
Murray S. Kucherawy writes:
> better yet, do DKIM verification prior to AV processing.
This looks like the best bet to me. Especially if the AV processor
charges by the message: perhaps you can reject or approve before
submitting to the AV. ;-)
___
d
On 09/16/2014 11:42 AM, Dave Crocker wrote:
On 9/15/2014 7:00 PM, Roland Turner wrote:
As I understand it, most advertisers maintain a "nuclear ambiguity"
about the effectiveness of their activities, making measurements rather
difficult to obtain.
Every presentation I've seen from usability (
On 9/15/2014 7:00 PM, Roland Turner wrote:
> As I understand it, most advertisers maintain a "nuclear ambiguity"
> about the effectiveness of their activities, making measurements rather
> difficult to obtain.
Every presentation I've seen from usability (human factors, UX, ...)
specialist has sai
On 09/16/2014 08:27 AM, Dave Crocker wrote:
On 9/15/2014 5:26 PM, Terry Zink wrote:
Having the "Virus scanned by xxx" ***in a header*** defeats the purpose
of advertising since most clients won’t display it. A/V filters put
those taglines in there to advertise, not just to tell the mail client
27 PM
To: Terry Zink; Murray S. Kucherawy
Cc: dmarc@ietf.org; John Levine; hen...@schack.dk
Subject: Re: [dmarc-ietf] Indirect mail flows: DKIM signature breakage by cloud
anti-virus/spam provider
On 9/15/2014 5:26 PM, Terry Zink wrote:
> Having the "Virus scanned by xxx" ***in a header
On 9/15/2014 5:26 PM, Terry Zink wrote:
> Having the "Virus scanned by xxx" ***in a header*** defeats the purpose
> of advertising since most clients won’t display it. A/V filters put
> those taglines in there to advertise, not just to tell the mail client
> that their mail has been scanned.
And
erry
From: Murray S. Kucherawy [mailto:superu...@gmail.com]
Sent: Monday, September 15, 2014 5:21 PM
To: Terry Zink
Cc: John Levine; dmarc@ietf.org; hen...@schack.dk
Subject: Re: [dmarc-ietf] Indirect mail flows: DKIM signature breakage by cloud
anti-virus/spam provider
How will most mail clients k
John Levine
> Sent: Monday, September 15, 2014 2:16 PM
> To: dmarc@ietf.org
> Cc: hen...@schack.dk
> Subject: Re: [dmarc-ietf] Indirect mail flows: DKIM signature breakage by
> cloud anti-virus/spam provider
>
> In article t00p...@mail.gmail.com> you write:
> >-=-=-=-=-=
g is the best option.
-- Terry
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of John Levine
Sent: Monday, September 15, 2014 2:16 PM
To: dmarc@ietf.org
Cc: hen...@schack.dk
Subject: Re: [dmarc-ietf] Indirect mail flows: DKIM signature breakage by cloud
anti-vir
In article
you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>In Denmark we have a somewhat large (10K+ domains) anti-virus/spam provider
>breaking DKIM signatures.
>They break DKIM signatures on incoming email by adding a "Virus scanned by
>" line to the body of the email.
>
>Not sure how to fix this,
On 2014-09-15 10:39, Henrik Schack wrote:
In Denmark we have a somewhat large (10K+ domains) anti-virus/spam
provider breaking DKIM signatures.
They break DKIM signatures on incoming email by adding a "Virus
scanned by " line to the body of the email.
Not sure how to fix this, but perhaps
Though I would never put such a thing in a standards document, OpenDKIM
does have the capability to rewrite arriving header fields prior to
signing/verifying to overcome things like this. Your ESP's verifier could
be trained to ignore the added line prior to verifying, or better yet, do
DKIM verif
No it's not at all a free service. But they advertise anyway :-(
Br
Henrik
On Mon, Sep 15, 2014 at 9:28 PM, Franck Martin wrote:
>
> On Sep 15, 2014, at 7:39 PM, Henrik Schack
> wrote:
>
> > In Denmark we have a somewhat large (10K+ domains) anti-virus/spam
> provider breaking DKIM signatures.
On Sep 15, 2014, at 7:39 PM, Henrik Schack wrote:
> In Denmark we have a somewhat large (10K+ domains) anti-virus/spam provider
> breaking DKIM signatures.
> They break DKIM signatures on incoming email by adding a "Virus scanned by
> " line to the body of the email.
>
> Not sure how to f
In this case it's not a header, but a line added to the body of the email
Br Henrik Schack
On Sep 15, 2014 8:51 PM, "Tomki" wrote:
> Henrik,
> I think that the fact of virus scanning is more commonly just another
> header in the message, which would not break a properly created
> DKIM-Signature.
Henrik,
I think that the fact of virus scanning is more commonly just another
header in the message, which would not break a properly created
DKIM-Signature.
For example your message (via the list) got to me with extra headers
such as: X-IronPort-AV, X-IronPort-AS
Perhaps that example from an
In Denmark we have a somewhat large (10K+ domains) anti-virus/spam provider
breaking DKIM signatures.
They break DKIM signatures on incoming email by adding a "Virus scanned by
" line to the body of the email.
Not sure how to fix this, but perhaps some day they'll get tired of my
bi-monthly ca
For multiple decades, starting with mail systems predating RFC822, with
everyone one of them there was a common mail engineering taboo, "thou shall not
tamper with mail" and one of the primary anchoring fields, the author of the
message was a principle field you didn't screw around with. You e
Derek Diget writes:
> How are such modifications RFC5321 compliant? See section 3.9.
>
> ...the message header section (RFC5322 [4]) MUST be left unchanged; in
> particular, the "From" field of the header section is unaffected.
RFC 5321 is irrelevant in the case of mailing list management
>2. Mailing lists; although the big ones seem to be rewriting the From
>(thanks).
Just for the record, the mailing lists I know that are rewriting the
From: line are not doing so because the change is in the interest of
their users, but because of the enormous market power of the mail
systems that
On Sep 9, 2014 at 17:08 -, Kelley, John wrote:
=>On 9/9/14 4:39 AM, "Stephen J. Turnbull" wrote:
=>>Kelley, John writes:
=>>
=>> > 1. Auto Forwards, principally where the email is munged in some way
=>> > causing DKIM to fail.
=>> > 2. Mailing lists; although the big ones seem to be rewriting
Steve Atkins writes:
> Some of the changes that have been made to mailing lists to work
> around DMARC have made them significantly less useful.
> It unavoidably breaks the ability to search for emails or filter
> inbound mail by author email address.
It's not unavoidable, but it's certainly
That is should be expected when people monkey around with long time
mail infrastructure. Its a bad idea and sets a terrible precedent by
alluding to the idea "its normal." No its not normal. It will be
exploited and probably its too late to put this one back if a few
mailing list packages are
On Sep 9, 2014, at 1:39 AM, Stephen J. Turnbull wrote:
> Kelley, John writes:
>
>> 1. Auto Forwards, principally where the email is munged in some way
>> causing DKIM to fail.
>> 2. Mailing lists; although the big ones seem to be rewriting the From
>> (thanks).
>
>> From what I've seen on Mail
On 9/9/14 4:39 AM, "Stephen J. Turnbull" wrote:
>Kelley, John writes:
>
> > 1. Auto Forwards, principally where the email is munged in some way
> > causing DKIM to fail.
> > 2. Mailing lists; although the big ones seem to be rewriting the From
> > (thanks).
>
>From what I've seen on Mailman Pro
Kelley, John writes:
> 1. Auto Forwards, principally where the email is munged in some way
> causing DKIM to fail.
> 2. Mailing lists; although the big ones seem to be rewriting the From
> (thanks).
>From what I've seen on Mailman Project lists[1], your users may not feel
the same way, though
-- somebody uses business services to send mail but the business has
an email address in somebody else's domain (think "happy birthday" from your
dentist, for instance).
Elizabeth Zwicky
From: "Kelley, John"
To: "dmarc@ietf.org"
Sent:
Subject: [dmarc-ie
Hi.
I'm not sure if it is too soon to start the discussion on indirect mail
flows, but theses are the chief problems we (AOL) are seeing with indirect
mail.
1. Auto Forwards, principally where the email is munged in some way
causing DKIM to fail.
2. Mailing lists; although the big ones seem to
49 matches
Mail list logo
