30 Jan
2022
30 Jan
'22
1:52 a.m.
I think that one possible solution to reduce confusion is this:
instead of the mail server sending email out like this:
"From: Sean Greenslade via sudo-discuss <sudo-discuss(a)sudoroom.org>"
we should change the name part slightly to put sudo-discuss first:
"From: sudo-discuss Sean Greenslade <sudo-discuss(a)sudoroom.org>"
that way, gmail users will see "sudo-discuss" in the places where Gmail
abbreviates the From description. That's the most important information at
that time.
If they want to know which sender created the email, they can look at the
writing style, wall-of-text, or whatever, and eventually see the signature.
But at least it will reduce confusion
-jake
On Sat, 29 Jan 2022, Sean Greenslade via sudo-discuss wrote:
On Sat, Jan 29, 2022 at 12:59:42PM -0800, Andrew R
Gross wrote:
Can you explain what DMARC is and why the reply
setup is necessary for it?
I tried to google it but didn't understand how it connects.
There's a very deep rabbit hole to go down when you start discussing all
the various interlinking components of modern email. I'll give the short
version, since this is probably veering pretty far off-topic for the
sudo-discuss@ list.
DMARC is a primarily a method of authenticating a given message to
ensure that it was actually sent by who it purports to be from. One of
the ways it does this is by allowing the owner of a domain name to
specify that emails from that domain must be signed in a specific way
(typically DKIM signatures). It can also require that mail from that
domain comes from an authorized server (via SPF rules).
This is all well and good until a mailing list gets involved. If the
list server were to take a message and just forward it as-is, the
message would no longer align with the SPF record since the list server
is operating under a different domain. The list server also can't
pretend to be the original sender's domain since that would cause the
SPF check to outright fail.
Additionally, mailing lists will usually modify the message, for example
by adding list headers, unsubscribe links, or adding the list address as
the reply-to. This will break some DKIM signatures, and most end users
have no way of affecting how their mail server signs outgoing mails.
Breaking either SPF or DKIM can cause DMARC to fail and thus make any
list recipient's mail server that is set to enforce DMARC restrictions
reject the mail. These rejections go back to the list server, which may
unsubscribe the unlucky recipient through no fault of their own (since
their mail server is correctly rejecting a DMARC failure as the original
sender requested).
Thus the solution is to decouple the mailing list message from the
original domain. This is done by editing the From: header to use the
list address. Thus, recipients of the list message will check the DMARC
restrictions of the list server, which should always pass for valid list
messages (mailing list domains typically use a DMARC policy of "none").
This message modification strategy has its own downsides, but that's a
discussion better suited for the mailop@ mailing list.
--Sean
_______________________________________________
sudo-discuss mailing list -- sudo-discuss(a)sudoroom.org
To unsubscribe send an email to sudo-discuss-leave(a)sudoroom.org