From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A3BF0A0548; Fri, 24 Sep 2021 12:33:04 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8DE3D4126F; Fri, 24 Sep 2021 12:33:04 +0200 (CEST) Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) by mails.dpdk.org (Postfix) with ESMTP id 338C04122D; Fri, 24 Sep 2021 12:33:02 +0200 (CEST) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id C38EB320153D; Fri, 24 Sep 2021 06:33:00 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Fri, 24 Sep 2021 06:33:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=fm2; bh= htXSlSRxWN2fnaMc/9U9ERLWtL3kmxlHJVS1sJXVU+E=; b=Ca4BoiJ2KiVEZz5s d/F0UA6cyknFbsH8FOaLoPgzadLjz5uDPF9l5e9M3f9yWfhmsVHZApmU0/t1J5z2 zjyliqvoP5MHbS4QN1dxFxDSQbjl15c765Ik9ujka6rCjKo/p8QJ3rDQPu1V1ZuT e3JA1QdunhNjvcmczf+PG/BMF37S1T4pSrMnWJcyC7NTuFA6jsPBTjpVCcTfgBYr rbl5MXP8zQOGrG8QnyBwUA1Pl6WFEX/1c0hwpXO/Nx5fmf2NpkwXe9BJA0V71qX7 0C3nkf3nHzpiPgTCQyzx0dNRis6VPejMZDLWvcaSGK5N3nf9012VcYeMqeXq0Ft0 DT57DA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=htXSlSRxWN2fnaMc/9U9ERLWtL3kmxlHJVS1sJXVU +E=; b=MG3mEzfGZc3DnFm9lqU7a1BIFZ3BNKalKOf10Yn3rJfbeSfGSS7l8uPvF G9u13UfVlBUL1c+8rwUqa6Kscuo8nyGSGoXVqLJcuoqfsH1GmA5RQbifZgiMcxUb m3ijls+xZ8cpIjNDryC+naL6Ukstih9Gu7+ryMvQQIwhsjnbCe5UuT6xl91G9UMU a/XmgTzN0DshCh4sZ+/qFSUFd7AMwl5anDkpJaQzs27AAbpZTEnD6iiLfxWhyHIQ 4ydqOhd78NVxlEeipusuPNAKV8sFsKhi41ifeUO7UPedyUisngFzfvPHot6Ny4wn ZKXmx8I7PaI4odlfzWpchEad3JufQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudejuddgvdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkfgjfhgggfgtsehtufertddttddvnecuhfhrohhmpefvhhhomhgr shcuofhonhhjrghlohhnuceothhhohhmrghssehmohhnjhgrlhhonhdrnhgvtheqnecugg ftrfgrthhtvghrnhepteehleduhefhlefhieefueeukeegledtheduffejteekgedtteef jeetlefgudffnecuffhomhgrihhnpeguphgukhdrohhrghdpghhrohhuphhsrdhiohenuc evlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthhhomhgr shesmhhonhhjrghlohhnrdhnvght X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 24 Sep 2021 06:32:58 -0400 (EDT) From: Thomas Monjalon To: "St Leger, Jim" Cc: Ali Alnubani , techboard@dpdk.org, dev@dpdk.org Date: Fri, 24 Sep 2021 12:32:52 +0200 Message-ID: <2184630.PGi1uXmJ70@thomas> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] [dpdk-web] DMARC mitigation in dpdk.org's mailing list X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Would be interesting to list pros/cons of groups.io. First problems I can see: - it means re-registering for everyone - groups.io is not under our control - not sure we can have some key features of inbox.dpdk.org: * thread view * download Ali installed https://inbox.dpdk.org to complement mailman and patchwork, this is very convenient in many use cases. Please share the benefits of groups.io. 23/09/2021 19:26, St Leger, Jim: > Ali: > > I have no expertise here. But have we explored moving from Mailman to groups.io? > > I can't speak to the pros/cons of the two. I can only say that for many other projects I'm involved in they use groups.io. (I can log in there and see all of the projects/groups that I subscribe to.) > > Also, have you had this conversation with the Tech Board? It looks like the dev@dpdk.org mailing list will be last. Is that also correct? > > Thanks, > Jim > > > -----Original Message----- > From: announce On Behalf Of Ali Alnubani > Sent: Thursday, September 23, 2021 2:15 AM > To: announce@dpdk.org; users@dpdk.org; web@dpdk.org > Subject: [dpdk-announce] DMARC mitigation in dpdk.org's mailing list > > Hi all, > > Due to the changes that Mailman (our mailing list software) does to posts before distributing them, DKIM and DMARC verification will fail for emails originating from the domains that support them. This causes some posts to go into spam/quarantine and sometimes completely discarded depending on the domain's policy. > > DKIM (DomainKeys Identified Mail) is a form of email authentication that uses public key cryptography to digitally sign outgoing emails. Senders add this signature to the headers of the email message for the receiving mail servers to validate against. The sender specifies which of the original headers is covered by this signature. > DMARC (Domain-based Message Authentication, Reporting, and Conformance) basically allows domains to publish policies that tell receiving mail servers how to handle DKIM verification failures. Strict policies can be set to either reject (message not delivered to user's mailbox), or quarantine (spam/junk) the messages failing them. > > I would like to propose making some mailing list configuration changes to mitigate and reduce signature breakage: > - Disable prepending subject prefixes (e.g., [dpdk-dev]). > Making this change will probably break the rules and filters list members have for their mailboxes if they filter by the subject prefix. > Members can filter by Mailman's List-Id header instead, or by the To/Cc headers. > - Disable rewriting the "Sender" header. > Mailman replaces this header by default with the list's bounce address to direct bounces from some broken MTAs to the right destination. > - Disable conversion of text/html to plain text. > Mailman currently strips MIME attachments and does text/html to plain text conversion. > > We experimented for a while with these changes in a test list we created (https://mails.dpdk.org/listinfo/test-dmarc), and we found that they helped in mitigating signature breakage. > We tested with signed emails from the domains: nvidia.com, broadcom.com, and gmail.com. We verified that posts on the test list showed passing DKIM/DMARC results in their 'Authentication-Results' header. > > We plan on making these changes to users@dpdk.org and web@dpdk.org first, and then to the rest of the lists once we make sure there are no unexpected issues. > > Any feedback will be appreciated. > > Thanks, > Ali >