DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ali Alnubani <alialnu@nvidia.com>
To: "announce@dpdk.org" <announce@dpdk.org>,
	"stable@dpdk.org" <stable@dpdk.org>,
	"dts@dpdk.org" <dts@dpdk.org>, "ci@dpdk.org" <ci@dpdk.org>,
	"govboard@dpdk.org" <govboard@dpdk.org>,
	"maintainers@dpdk.org" <maintainers@dpdk.org>,
	"marketing@dpdk.org" <marketing@dpdk.org>,
	"security@dpdk.org" <security@dpdk.org>,
	"moving@dpdk.org" <moving@dpdk.org>
Cc: "techboard@dpdk.org" <techboard@dpdk.org>
Subject: Re: [dpdk-dev] [dpdk-announce] DMARC mitigation in dpdk.org's mailing list
Date: Mon, 8 Nov 2021 14:05:42 +0000	[thread overview]
Message-ID: <DM4PR12MB516733236B26CF6F809F5BD8DA919@DM4PR12MB5167.namprd12.prod.outlook.com> (raw)
In-Reply-To: <DM4PR12MB5167367CB92A841E3E9B5B8ADAA39@DM4PR12MB5167.namprd12.prod.outlook.com>

Hi all,

> -----Original Message-----
> From: Ali Alnubani
> Sent: Thursday, September 23, 2021 12:15 PM
> To: announce@dpdk.org; users@dpdk.org; web@dpdk.org
> Subject: DMARC mitigation in dpdk.org's mailing list
> 
> Hi all,
> 
> Due to the changes that Mailman (our mailing list software) does to posts
> before distributing them, DKIM and DMARC verification will fail for emails
> originating from the domains that support them. This causes some posts to
> go into spam/quarantine and sometimes completely discarded depending on
> the domain's policy.
> 
> DKIM (DomainKeys Identified Mail) is a form of email authentication that
> uses public key cryptography to digitally sign outgoing emails. Senders add
> this signature to the headers of the email message for the receiving mail
> servers to validate against. The sender specifies which of the original headers
> is covered by this signature.
> DMARC (Domain-based Message Authentication, Reporting, and
> Conformance) basically allows domains to publish policies that tell receiving
> mail servers how to handle DKIM verification failures. Strict policies can be
> set to either reject (message not delivered to user's mailbox), or quarantine
> (spam/junk) the messages failing them.
> 
> I would like to propose making some mailing list configuration changes to
> mitigate and reduce signature breakage:
> - Disable prepending subject prefixes (e.g., [dpdk-dev]).
>   Making this change will probably break the rules and filters list members
> have for their mailboxes if they filter by the subject prefix.
>   Members can filter by Mailman's List-Id header instead, or by the To/Cc
> headers.
> - Disable rewriting the "Sender" header.
>   Mailman replaces this header by default with the list's bounce address to
> direct bounces from some broken MTAs to the right destination.
> - Disable conversion of text/html to plain text.
>   Mailman currently strips MIME attachments and does text/html to plain text
> conversion.
> 
> We experimented for a while with these changes in a test list we created
> (https://mails.dpdk.org/listinfo/test-dmarc), and we found that they helped
> in mitigating signature breakage.
> We tested with signed emails from the domains: nvidia.com, broadcom.com,
> and gmail.com. We verified that posts on the test list showed passing
> DKIM/DMARC results in their 'Authentication-Results' header.
> 
> We plan on making these changes to users@dpdk.org and web@dpdk.org
> first, and then to the rest of the lists once we make sure there are no
> unexpected issues.
> 

I'm seeing less DKIM and DMARC breakage from users@dpdk.org and web@dpdk.org after making the changes mentioned above.
I had a discussion with the technical board, and they approved making the changes to the rest of the lists. We'll apply the change in 2 days.

Feedback is still appreciated.

Thanks,
Ali

      parent reply	other threads:[~2021-11-09  8:46 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-23  9:15 Ali Alnubani
     [not found] ` <SJ0PR11MB567875CF109284B0A46C9381DFA39@SJ0PR11MB5678.namprd11.prod.outlook.com>
2021-09-24 10:32   ` [dpdk-dev] [dpdk-web] " Thomas Monjalon
2021-09-24 13:06     ` Ali Alnubani
2021-11-08 14:05 ` Ali Alnubani [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DM4PR12MB516733236B26CF6F809F5BD8DA919@DM4PR12MB5167.namprd12.prod.outlook.com \
    --to=alialnu@nvidia.com \
    --cc=announce@dpdk.org \
    --cc=ci@dpdk.org \
    --cc=dts@dpdk.org \
    --cc=govboard@dpdk.org \
    --cc=maintainers@dpdk.org \
    --cc=marketing@dpdk.org \
    --cc=moving@dpdk.org \
    --cc=security@dpdk.org \
    --cc=stable@dpdk.org \
    --cc=techboard@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).