On 20.06.2022 at 18:53:41, Alessandro Vesely via mailop wrote:
> > been discussed here multiple times. So mailing list would have to rewrite
> > the header-from of the messages, which indeed some mailing lists do (eg.
> > Google Groups), but I consider this being more a problem than a solution.
> 
> I don't see what's the problem in rewriting.

You don't see a problem in rewriting *header* From: ???

> I cannot send you a faked
> message pretending to be from the mailing list, and that's good.

That's not the point.

The point is, the mailing list itself sends you a faked message. The message
pretends to be from the mailing list itself while it is actually from me. It
also falsely claims that the e-mail address of the mailing list is my e-mail
address.

Try sending a message to this list from a domain that has a p=reject DMARC
policy. The list will rewrite the *header* From: to the address of the group
itself in order for DMARC to pass, and the above happens.

> Mailing lists can operate minimal changes, like this list does, for example.
> I received your message with "From: Jaroslaw Rafa <r...@rafa.eu.org>" after
> my filter verified that your DKIM signature still validates upon undoing
> their changes.

If my domain had a DMARC record with p=reject instead of p=none, you would
receive a message with:
"From: Jaroslaw Rafa via mailop <mailop@mailop.org>". You can find a lot of
such examples in the messages from other people on this list. Other mailing
lists perform similar rewriting.

You don't see a problem with this? Because I see at least two. First, it
claims that the message author is mailop@mailop.org, while it actually
isn't. Second, it claims that the e-mail address mailop@mailop.org belongs to
Jaroslaw Rafa, while it actually doesn't. So the message is faked in order
for DMARC to pass.

> So you'd keep on trying to forward blindly to u...@example.com even after
> user withdrew his account at example.com and example.com itself dropped the
> domain name?  Or else you change the bounce address to someone who can amend
> that dot-forward file.

Who is the "you" you are referring to? Is "you" the author of the MTA that
does the forwarding, or is "you" the user who simply put u...@example.com in
his .forward file?

Because in the second case the user is not responsible for "changing the
bounce address" (and often cannot do it, if he's not a server admin as
well). He just uses the feature as it was designed by someone who wrote the
MTA. As I wrote in my previous email - blaming *users* using the feature *as
it was designed* for not rewriting the bounce address is unreasonable. If
anybody should do anything about this, it's the developer of the MTA in
question.

But I'm not sure if they really should. To my knowledge, most MTAs don't do
any rewriting when forwarding the message either by means of a .forward file or
an alias. I guess they have a reason to not touch the bounce address,
because it is not very clear which address one should change it to
(especially when forwarding is via an alias and not a .forward file). And from
a recipient's point of view - for example thinking of spam filtering - I'm not
sure if I want to receive a forwarded message with a rewritten envelope-from.
My spam filters would then associate the message with a wrong sender, and
for example if I blacklisted spam...@spamdomain.com in check_sender_access,
forwarded messages from that sender with a rewritten envelope-from would get
through. I'd prefer to receive the message with the original
envelope-from untouched (as MTAs actually do).
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
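
The From: rewriting discussed in the message above, modelled as an added example (not part of the original post and not the list software's own code). The author address `jane@author.example` is constructed, the policy is passed in rather than looked up in DNS, and relaxed alignment is simplified to "same domain or subdomain" without a Public Suffix List.

```python
from email.utils import parseaddr, formataddr

LIST_ADDR = "mailop@mailop.org"   # list address as shown in the message above
LIST_NAME = "mailop"

def domain_of(header_value):
    """Domain part of the address in a From:-style header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def aligned(from_domain, auth_domain):
    """Simplified relaxed alignment: identical, or one is a subdomain of the other."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc_result(header_from, spf_domain, dkim_domains, policy):
    """'pass' if SPF or a valid DKIM signature aligns with header From:,
    otherwise the failure disposition requested by the From: domain's policy."""
    from_domain = domain_of(header_from)
    if any(aligned(from_domain, d) for d in [spf_domain, *dkim_domains]):
        return "pass"
    return {"none": "fail (deliver)", "quarantine": "fail (quarantine)",
            "reject": "fail (reject)"}[policy]

def list_relay(header_from, author_policy, author_dkim_survives, rewrite=True):
    """Model the list relaying one post.
    Returns (From: header the subscriber sees, DMARC result at the subscriber)."""
    list_domain = domain_of(LIST_ADDR)
    # After relay the envelope-from (SPF identity) is the list's, and the list
    # signs with its own domain. The author's signature counts only if it
    # still validates after the list's changes.
    dkim = [list_domain] + ([domain_of(header_from)] if author_dkim_survives else [])
    if rewrite and author_policy == "reject":
        # The rewriting described above: the display name keeps the author,
        # but the address becomes the list's, so alignment is with the list.
        name = parseaddr(header_from)[0]
        header_from = formataddr((f"{name} via {LIST_NAME}", LIST_ADDR))
    return header_from, dmarc_result(header_from, list_domain, dkim, author_policy)

if __name__ == "__main__":
    post = "Jane Author <jane@author.example>"   # constructed sample
    for policy, survives, rewrite in [("none", True, True), ("none", False, True),
                                      ("reject", False, False), ("reject", False, True)]:
        print(policy, survives, rewrite, "->", list_relay(post, policy, survives, rewrite))
```

The last two cases are the trade-off the message argues about: without rewriting, a p=reject post whose signature did not survive fails DMARC at every subscriber; with rewriting it passes, but only because the address in From: is no longer the author's.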
