Ali:

I have no expertise here. But have we explored moving from Mailman to groups.io?

I can't speak to the pros/cons of the two. I can only say that for many other 
projects I'm involved in they use groups.io. (I can log in there and see all of 
the projects/groups that I subscribe to.)

Also, have you had this conversation with the Tech Board? It looks like the 
d...@dpdk.org mailing list will be last. Is that also correct?

Thanks,
Jim


-----Original Message-----
From: announce <announce-boun...@dpdk.org> On Behalf Of Ali Alnubani
Sent: Thursday, September 23, 2021 2:15 AM
To: annou...@dpdk.org; users@dpdk.org; w...@dpdk.org
Subject: [dpdk-announce] DMARC mitigation in dpdk.org's mailing list

Hi all,

Due to the changes that Mailman (our mailing list software) does to posts 
before distributing them, DKIM and DMARC verification will fail for emails 
originating from the domains that support them. This causes some posts to go 
into spam/quarantine and sometimes completely discarded depending on the 
domain's policy.

DKIM (DomainKeys Identified Mail) is a form of email authentication that uses 
public key cryptography to digitally sign outgoing emails. Senders add this 
signature to the headers of the email message for the receiving mail servers to 
validate against. The sender specifies which of the original headers is covered 
by this signature.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) 
basically allows domains to publish policies that tell receiving mail servers 
how to handle DKIM verification failures. Strict policies can be set to either 
reject (message not delivered to user's mailbox), or quarantine (spam/junk) the 
messages failing them.

I would like to propose making some mailing list configuration changes to 
mitigate and reduce signature breakage:
- Disable prepending subject prefixes (e.g., [dpdk-dev]).
  Making this change will probably break the rules and filters list members 
have for their mailboxes if they filter by the subject prefix.
  Members can filter by Mailman's List-Id header instead, or by the To/Cc 
headers.
- Disable rewriting the "Sender" header.
  Mailman replaces this header by default with the list's bounce address to 
direct bounces from some broken MTAs to the right destination.
- Disable conversion of text/html to plain text.
  Mailman currently strips MIME attachments and does text/html to plain text 
conversion.

We experimented for a while with these changes in a test list we created 
(https://mails.dpdk.org/listinfo/test-dmarc), and we found that they helped in 
mitigating signature breakage.
We tested with signed emails from the domains: nvidia.com, broadcom.com, and 
gmail.com. We verified that posts on the test list showed passing DKIM/DMARC 
results in their 'Authentication-Results' header.

We plan on making these changes to users@dpdk.org and w...@dpdk.org first, and 
then to the rest of the lists once we make sure there are no unexpected issues.

Any feedback will be appreciated.

Thanks,
Ali

Reply via email to