DPDK CI discussions
 help / color / mirror / Atom feed
* Re: [dpdk-ci] DMARC mitigation in dpdk.org's mailing list
       [not found] <DM4PR12MB5167367CB92A841E3E9B5B8ADAA39@DM4PR12MB5167.namprd12.prod.outlook.com>
@ 2021-11-08 14:05 ` Ali Alnubani
  0 siblings, 0 replies; only message in thread
From: Ali Alnubani @ 2021-11-08 14:05 UTC (permalink / raw)
  To: announce, stable, dts, ci, govboard, maintainers, marketing,
	security, moving
  Cc: techboard

Hi all,

> -----Original Message-----
> From: Ali Alnubani
> Sent: Thursday, September 23, 2021 12:15 PM
> To: announce@dpdk.org; users@dpdk.org; web@dpdk.org
> Subject: DMARC mitigation in dpdk.org's mailing list
> Hi all,
> Due to the changes that Mailman (our mailing list software) does to posts
> before distributing them, DKIM and DMARC verification will fail for emails
> originating from the domains that support them. This causes some posts to
> go into spam/quarantine and sometimes completely discarded depending on
> the domain's policy.
> DKIM (DomainKeys Identified Mail) is a form of email authentication that
> uses public key cryptography to digitally sign outgoing emails. Senders add
> this signature to the headers of the email message for the receiving mail
> servers to validate against. The sender specifies which of the original headers
> is covered by this signature.
> DMARC (Domain-based Message Authentication, Reporting, and
> Conformance) basically allows domains to publish policies that tell receiving
> mail servers how to handle DKIM verification failures. Strict policies can be
> set to either reject (message not delivered to user's mailbox), or quarantine
> (spam/junk) the messages failing them.
> I would like to propose making some mailing list configuration changes to
> mitigate and reduce signature breakage:
> - Disable prepending subject prefixes (e.g., [dpdk-dev]).
>   Making this change will probably break the rules and filters list members
> have for their mailboxes if they filter by the subject prefix.
>   Members can filter by Mailman's List-Id header instead, or by the To/Cc
> headers.
> - Disable rewriting the "Sender" header.
>   Mailman replaces this header by default with the list's bounce address to
> direct bounces from some broken MTAs to the right destination.
> - Disable conversion of text/html to plain text.
>   Mailman currently strips MIME attachments and does text/html to plain text
> conversion.
> We experimented for a while with these changes in a test list we created
> (https://mails.dpdk.org/listinfo/test-dmarc), and we found that they helped
> in mitigating signature breakage.
> We tested with signed emails from the domains: nvidia.com, broadcom.com,
> and gmail.com. We verified that posts on the test list showed passing
> DKIM/DMARC results in their 'Authentication-Results' header.
> We plan on making these changes to users@dpdk.org and web@dpdk.org
> first, and then to the rest of the lists once we make sure there are no
> unexpected issues.

I'm seeing less DKIM and DMARC breakage from users@dpdk.org and web@dpdk.org after making the changes mentioned above.
I had a discussion with the technical board, and they approved making the changes to the rest of the lists. We'll apply the change in 2 days.

Feedback is still appreciated.


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-11-08 14:05 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <DM4PR12MB5167367CB92A841E3E9B5B8ADAA39@DM4PR12MB5167.namprd12.prod.outlook.com>
2021-11-08 14:05 ` [dpdk-ci] DMARC mitigation in dpdk.org's mailing list Ali Alnubani

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).