[john-users] Envelope sender mailinglist: DMARC errors

Discussion:

Jeroen

2017-11-14 10:51:08 UTC

Hi,

The mailing list sends messages to list members like if they were send by
the original sender. In fact it's spoofing emails. If the sender domain uses
anti-SPAM mechanisms like DMARC, the messages are dropped by properly
configures email servers, or best case flagged as spam or quarantined. Can
this be fixed? Suggestions
@<https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interope
rate_with_DMARC.2C_what_should_I_do.3F>.

Thanks,

Jeroen

Solar Designer

2017-11-15 15:25:43 UTC

Permalink

Post by Jeroen
The mailing list sends messages to list members like if they were send by
the original sender. In fact it's spoofing emails. If the sender domain uses
anti-SPAM mechanisms like DMARC, the messages are dropped by properly
configures email servers, or best case flagged as spam or quarantined. Can
this be fixed?

This is a well-known problem, and no I don't intend to bite the bullet
and work around it for our mailing lists just yet, although I expect to
be forced to eventually.

For now, I recommend that you avoid posting from domains with strict
DMARC policy.

BTW, the problem isn't with "envelope sender" (as you put in the
Subject). Our mailing lists properly rewrite envelope sender, using the
lists.openwall.com domain in there. The problem is with header From,
which we leave intact. Working around this would in fact involve us
starting to spoof header From.

Alexander

Matus UHLAR - fantomas

2017-11-15 18:19:05 UTC

Permalink

Post by Jeroen
The mailing list sends messages to list members like if they were send by
the original sender. In fact it's spoofing emails.

no. It's resending mails from users to members. That's not spoofing.

Post by Jeroen
If the sender domain uses
anti-SPAM mechanisms like DMARC, the messages are dropped by properly
configures email servers, or best case flagged as spam or quarantined. Can
this be fixed? Suggestions
@<https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F>.

what exactly is your problem?

Maybe the only problem is that this list should not add [john-users] to
subject of DKIM-signed mail
modifying subject sucks anyway, filtering should be done on List-ID: header

--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759

Solar Designer

2017-11-15 18:51:39 UTC

Permalink

Post by Matus UHLAR - fantomas
Maybe the only problem is that this list should not add [john-users] to
subject of DKIM-signed mail

Yes, either that or we need to rewrite (sort of spoof) header From. For
now, I don't want to do either - just stay away from DMARC when using
mailing lists, please. ;-) When eventually forced, I'm more likely to
implement rewriting of From.

Post by Matus UHLAR - fantomas
modifying subject sucks anyway, filtering should be done on List-ID: header

Many people don't filter messages, but want to spot different lists'
messages easily.

Alexander

Jeroen

2017-11-15 18:52:07 UTC

Permalink

Off-topic but perhaps useful for readers who are not that well-known with
email issue...

Matus UHLAR - fantomas wrote:
<SNAP>

Post by Matus UHLAR - fantomas

Post by Jeroen
The mailing list sends messages to list members like if they were send
by the original sender. In fact it's spoofing emails.

no. It's resending mails from users to members. That's not spoofing.

Hi Matus,

If my From: address is used to submit a message to an outgoing mailserver
that I didn't contact (mother.openwall.net sends the list's messages, I've
sent it to my own server), that's widely considered as email spoofing: the
Openwall mailserver != Jeroen. Perhaps you use another definition and that's
fine :)

<SNAP>

Post by Matus UHLAR - fantomas
what exactly is your problem?

Example:
- DMARC is enabled and in blocking mode for the sender's email domain.
- Provider of mailing list member uses provider that checks DMARC (e.g.
Google / Gmail, also other big ones).
- Email is dropped by Google's email server and will not be delivered to all
list member.
- Result: my message doesn't reach all list members.

A real-life example (reason for this tread):

---
This is a spf/dkim authentication-failure report for an email message
received from IP 195.42.179.200 on Tue, 14 Nov 2017 18:51:30 +0800.
Below is some detail information about this message:
1. SPF-authenticated Identifiers: lists.openwall.com; 2.
DKIM-authenticated Identifiers: none; 3. DMARC Mechanism Check Result:
Identifier non-aligned, DMARC mechanism check failures;

For more information please check Aggregate Reports or mail to
***@163.com.
--

Post by Matus UHLAR - fantomas
Maybe the only problem is that this list should not add [john-users] to
subject of DKIM-signed mail modifying subject sucks anyway, filtering

should

Post by Matus UHLAR - fantomas
be done on List-ID: header

This is all irrelevant for DMARC.

Alexander mentioned that there the configuration will not be changed yet and
suggested to use an email address for posting in an email domain that is
less strict. Clear answer and a good advice for everyone with similar
issues.

Cheers,

Jeroen