On 20/04/19 3:15 PM, Peter wrote:
I'm not disagreeing with any of this. It simply boils down to that when
a current RFC recommends a certain practice you shouldn't be surprised
that people will follow that recommendation. What then follows is that
people who use google, microsoft or other major ESPs that enforce DMARC
will end up either not getting a large portion of messages sent to the
list, or having to hunt through Spam to find them. At the end of the day
this means that the practical implications of this are problematic at best.
It means that I also take issue when Wietse says that the mailing list
is DKIM compliant, because clearly that statement is based on the DKIM
signature not including certain headers that the mailing list alters.
What might be more accurate is to say that the mailing list is DKIM
compliant just as long as the DKIM signature doesn't include certain
headers, some of which are actually recommended to be included by the
relevant RFCs. When looked at in that light it becomes more clear that
the DKIM compliance of the mailing list is spotty at best.
Just as a follow-on, I've been finding that taking the approach of
trying to pass on messages in a mailing list unaltered without them
being marked as SPAM is in this day and age becoming increasingly
difficult and perhaps this approach should be abandoned as I believe the
situation will only get worse in the future.
Instead of taking the approach that we can pass on these messages
unaltered and keep the original authenticity intact, perhaps we should
instead take the approach that we are not just passing these messages on,
but rather re-authoring the messages so that they originate from the
mailing list itself rather than from the original sender. This
essentially requires taking ownership of the messages so that it becomes
the mailing list's own reputation that defines deliverability rather
than that of the original sender. This is the approach being taken by
an increasing number of MLMs (such as GNU MailMan).
Fortunately we don't actually have to switch to a modern MLM in order to
take this approach as it can be achieved largely through the postfix
backend without the help of the MLM:
* Use header_checks to strip out any existing DKIM signatures and
rewrite the From: header.
* Use canonical_maps or sender_canonical_maps to rewrite the envelope
sender (probably not needed here or already implemented as the envelope
sender is indeed already rewritten for this list).
* DKIM: sign the resulting messages with our own DKIM signature, after
making any changes to the message.
* Anti-SPAM: I have yet to see much of any SPAM sent through this list,
so I assume that the Anti-SPAM solution on it is already quite good, but
as a general rule, since we would be taking complete ownership of any
posts sent to the list it pays to not be doing so for a bunch of SPAM.
While I do understand the ideal of keeping messages pristine and
unaltered, I think the current and future email landscapes with major
ESPs is simply going to make that approach increasingly impractical.
Peter
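
The re-authoring steps listed in the message above, sketched in Python as an added example (not Peter's code and not a Postfix configuration): it strips existing DKIM-Signature headers, rewrites From: so the list is the author, and reports which rewritten headers the original signature's h= tag covered. The sample message, addresses and list name are constructed, and signing with the list's own key is assumed to happen afterwards in a separate signer.

```python
import re
from email import message_from_string, policy
from email.utils import formataddr, parseaddr

# Constructed sample post: addresses, selector and tag values are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice Author <alice@example.com>\n"
    "To: list@lists.example.org\n"
    "Subject: header_checks question\n"
    "\n"
    "Body text.\n"
)

REWRITTEN = {"from"}  # headers that reauthor() below changes


def signed_headers(msg):
    """Lower-cased header names listed in the h= tag of every DKIM-Signature."""
    names = set()
    for sig in msg.get_all("DKIM-Signature", []):
        # Anchor on ';' or start of value so the bh= tag is not mistaken for h=.
        m = re.search(r"(?:^|;)\s*h\s*=\s*([^;]+)", str(sig))
        if m:
            names.update(n.strip().lower() for n in m.group(1).split(":"))
    return names


def reauthor(raw, list_addr, list_name):
    """Return (message owned by the list, signed headers that were rewritten)."""
    msg = message_from_string(raw, policy=policy.default)
    covered = signed_headers(msg)
    name, addr = parseaddr(str(msg["From"]))
    # The author's signature cannot survive a rewritten From:, so drop it
    # rather than forward a signature that receivers will see fail.
    del msg["DKIM-Signature"]  # removes every occurrence
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    # The list's own DKIM signature is added after this point (not shown).
    return msg, sorted(covered & REWRITTEN)


if __name__ == "__main__":
    out, broken = reauthor(SAMPLE, "list@lists.example.org", "example-list")
    print(out["From"])
    print("signed headers changed by the list:", broken)
```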