From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CE395A0548; Fri, 24 Sep 2021 15:06:40 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 55C5A411FA; Fri, 24 Sep 2021 15:06:40 +0200 (CEST) Received: from AZHDRRW-EX01.nvidia.com (azhdrrw-ex01.nvidia.com [20.51.104.162]) by mails.dpdk.org (Postfix) with ESMTP id 4B472411F2; Fri, 24 Sep 2021 15:06:39 +0200 (CEST) Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.174) by mxs.oss.nvidia.com (10.13.234.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.858.15; Fri, 24 Sep 2021 06:06:38 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a0+FuevkZDS9FrMyG6PnksHPQyOgk/cTptPCT4W5zNNALykw5iaeeKOE5nXYzXDy4CAbTgT+Tsb5TS71KjZZC3ZKBir57kDz4PsVOlv9VZBSx6h9Z2nuiWjfygD806/vz4FsDXwd10KPVNGOs+74KLQFuKlpfbLPiYMRIWudf4iJCKZAO0OfMRaxcvFztLRAlurLSn7ZoTfWj2jqOvNlhVo3qhK0XpVneLNWTHA92xzP+UhekTws/+ZKxapu+NsY1a2GsWSIWcsvLgspT4wNDVB3vsvYWitdBCW28RxnA43AXc+CxYBlvoJGegp9CQ+7vYvNHzZs5B1O++z8Tew4qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jAjIBMvyXK0Wh+Fe2GCClHzTeSQaSRXnPvSAWwURFIQ=; b=ZEvwXVPvL66k4gZEOjU0MGnQEbm4GOdh2d7XEz/Mh4WuK8Qv7RphKPmp9nktTQ07CrKjDKXLt1XlrH18qWjvzxRnLf09BQnJxHctubxGRPzAiRdDlBXw7WHI0I4zy3My74PNpSNmV3VjlNBU1tDbjFuKgfpddYpXbGPe7dswsAx+34tGzQnEH5paoTjto8k0UK1V8Mi/aDKNHlOpymjy0OTdQOiB2nincp87lX0Qg6TSDPi96EktIgIr75nDjZV54YQaAid060z3fc/OOaEsVobHONLwA3dHpWa77hwg8h4XDCY2TVcvrPEAR5a9nJLqcYo1gD5Jh8u+I4e5wKchjQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jAjIBMvyXK0Wh+Fe2GCClHzTeSQaSRXnPvSAWwURFIQ=; b=N4fV7MO4wdc5JzpWAgWN88Oc+35M/hrWEoY91043p+GdGwMWURxfGiV96SvHdWv3e7PD+KQTsQ+g8hWzrEVR2sPhE78+HZPYJ2sW6CRfNJFK1v9PkPI34vMLGgUd0uF5Z6PPL7RT8wyWzxYd1B05rr47jvbImnfcgmekKQnHeRvEKeJQTOOZzHsXyXwtKCKr/BUOOxWSidUbMRJ0kDrp6wwpT5iQymm7moCqXJP2KVfFO3OjIPigFU70y9H8OKd1y+XSO8Z/rNDtv7tN9UIJojXMCzIML+c0oEvYltMQujamrAZ5UUwKI89vg+607eJgNRwcjYuCb2aWBf3R0PFuIg== Received: from DM4PR12MB5167.namprd12.prod.outlook.com (2603:10b6:5:396::10) by DM6PR12MB5518.namprd12.prod.outlook.com (2603:10b6:5:1b9::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13; Fri, 24 Sep 2021 13:06:34 +0000 Received: from DM4PR12MB5167.namprd12.prod.outlook.com ([fe80::3c73:8e07:c9ba:f6db]) by DM4PR12MB5167.namprd12.prod.outlook.com ([fe80::3c73:8e07:c9ba:f6db%3]) with mapi id 15.20.4544.018; Fri, 24 Sep 2021 13:06:34 +0000 From: Ali Alnubani To: NBU-Contact-Thomas Monjalon , "St Leger, Jim" CC: "techboard@dpdk.org" , "dev@dpdk.org" Thread-Topic: [dpdk-web] DMARC mitigation in dpdk.org's mailing list Thread-Index: AdewW3J1l7se5gCeQnK/zk7UDHZb2AARHpXQACPmmAAABCihQA== Date: Fri, 24 Sep 2021 13:06:34 +0000 Message-ID: References: <2184630.PGi1uXmJ70@thomas> In-Reply-To: <2184630.PGi1uXmJ70@thomas> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: monjalon.net; dkim=none (message not signed) header.d=none;monjalon.net; dmarc=none action=none header.from=nvidia.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f8ae81c2-37fa-4602-7aeb-08d97f5c22ba x-ms-traffictypediagnostic: DM6PR12MB5518: x-ld-processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-transport-forked: True x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 5j+ImyrRNwybhZ/jynlKuJOHtxjH0sl67mTQBhiYTq2isLLLn8cLsz8vHetKx8cO3WI/vKy727DrALUUDgcSYzBqqVbnp5Be92Xk1J06DBdL8652OphqftyBWEh+M3mK4RJKRNWSKPHbA7yBwo8pvPcGb0x8c9wPjrAavxeIpiurwL9ETcby1eInoJqZJ0b7/r0Yso0nTEAu90V380X2va4pSlyWr6pCh6vXr97eKDMuOlEKRm0PcAsv5YC+AAq3ySO72fuFDm6WpyLCypeIeACc3W5mOiUPUachXlqsvGi2zucyKRVs0DF+NTs7WP10nrmt5gmJT0DuPWATxtyOlAwACfHEISuwg5km3k5QYGwW4ga5KIQvup09htyMjf6Ui5MlWocL4qjM0GVtVU5SsJ6xhz675+kiFdaRBfd86Ua2VpIio7pcoXuUPqOJGDZlfLas066+Gx/WwmfcwQ/qYVqz7xmIMgNNIPnxFfnlAgVu7wXY8wZcjq0WJkXVJG/YII8YwwoPpohua1WS8Y8G9hMEmyMuYqSlTo4RHpYUWKXMwFlhSLZjdo38M32kAaM9Mst8xnEZ+OLx+7+2rb63GTvILFKJMPItNk8B4vly2/iGAugW+WlQ+4mnuvaSg4RlcjjlcZ7OU0wpOL51B/7LvNQ8gCJTnmb1BKdyhXKzQzUX1wwLgfM+QtoGj9nnzzDm0BD6F4iqDyiWDmjMNcca9ZtIE45WWGr+zZeMHga5e6K/e1F8p1d1FxdGK4JdphUM0v3xgYhL9q8sJO475PGHOCXabRImVSs8dlrJ8IikFbryGrcoLTH8t2hIPCrWCvrEFInmSZ4E61pXp69w4zoqUWfS++5fPAXTzFGDk4Cpel4= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM4PR12MB5167.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(86362001)(55016002)(76116006)(54906003)(66946007)(316002)(66446008)(110136005)(83380400001)(64756008)(508600001)(66476007)(66556008)(52536014)(8676002)(38100700002)(122000001)(2906002)(5660300002)(186003)(26005)(9686003)(966005)(71200400001)(7696005)(8936002)(53546011)(6506007)(450100002)(4326008)(38070700005)(33656002)(223123001)(130980200001); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?xVbbP4rgGVj/XfQVdbYl/k8zu897Aq+7zyDMPAf4a2DP4JjMqqpJqaBpCibm?= =?us-ascii?Q?s5rHupMYzJaEk8b4ciy7TVW84Tt9zWd8ccKh3s/KW2L5fEO2KhvOE2hpTbmQ?= =?us-ascii?Q?1FCtbK0TBlIueOAx2sP2a9SrFSCqYqurh6XYWfaqyCpTrmkBK8lJqIv9Z9Mm?= =?us-ascii?Q?6f8F1urzuwv33PwVVSiiMwXb0R7BuESTLbaslMwjCSDk7g08qnvT8RElDU4W?= =?us-ascii?Q?hAwrqtPhiSL45FvzwwBLwt/9S8JkxYU0mwiDue4U2DmW7nJU7SKdgrAvCXYL?= =?us-ascii?Q?ZhYzTkBTEQ8Ues3C1EauOnxZUYnc1kJFHg272WtC0qU5xIOsS6O6m57x5TaR?= =?us-ascii?Q?8zA64tP6o4agEBquFAFRI6+/1p6F3JVNfWVc3vpiANk9E9SlHPiJhP3LS9al?= =?us-ascii?Q?s7OlC3Y9D/hTZ0fQlhdaVEKcH5lpQdqUlh1VaA0UJD1gquhEZ7fmHRT0m1ph?= =?us-ascii?Q?Dcukg9k5n7R7zS0a0gN3VC++oa6IO1+EGWMzZOomuGrrYf3LbVGSdE4ejKho?= =?us-ascii?Q?7tVaJbjI7zYI1tR8fc0xwXi3Zlo7+2W/AewbysCRphRBCRNojHI3rCulXJKW?= =?us-ascii?Q?uZqIjCV6rQpEG1p9mNPHqcAPhsMWlETNascyUpE678pjxQP1O/4iDcoHYeCS?= =?us-ascii?Q?R0b9kumnUUs6CiVjSCZikYO4NCS5iz5iJYdwEDb15gjHYPBK+6XvWiFccraw?= =?us-ascii?Q?mm5VHwtZ3ULPvcNpmHPExR32282lPiqd9N6fdNjIPO50mz+6KIC4PV8CFVh6?= =?us-ascii?Q?WCzqLmDaZfAWK50JnRKOwZ1MhWMRxoZm+GZdWGtHak+a400hPqYsa3jEQ9/6?= =?us-ascii?Q?/l8WzrIZNyxg4BweFnbnwrl8YSc+NAMny8u5BL/x1Xu30/1kXqZ4oK8raVT8?= =?us-ascii?Q?z6wUB4sQ7zHukrOrkZY9dPkvqFD6F30isDTnY6rbdo/5xYz8OMMmeuZtEnrI?= =?us-ascii?Q?k1uYDeg/c38rJqxFHpFuyLLanEJXKAjYXORTgyAx0Y6hCQkq/fLNjEDu1HFp?= =?us-ascii?Q?4w5WTPeAMadcCxXfMslYsHjHb3YCje/7Zu84UYpRHYnmmHw9BtptP8du2DVP?= =?us-ascii?Q?13Z3Gybxc90898kT/Rq1VRmusYKnat2zV+Ui71KeJmAHyE0YSZk9iN668LkB?= =?us-ascii?Q?1qtK3G12qESFaXeITbxata6ditkBCOoTecs+q6bngsA5tayz2UH987QPSasL?= =?us-ascii?Q?VvsacGQsKPzjA3TC3VbmmeTXTk32WkeD62kbHoCMKi1Ya05uoIQ6i+kXCozp?= =?us-ascii?Q?AybU0RBy8LtEiMXEhM2CF6Mq25noEaDKco5G4lAIhxI4wbmuj774Usk8q9fR?= =?us-ascii?Q?h8E=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5167.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: f8ae81c2-37fa-4602-7aeb-08d97f5c22ba X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 13:06:34.4935 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: kiUsYJxTIpnXFxyofUDT+GZ63RAicE8iRz5q731oLA6490bpCtbHVY2VkV6qAiJKLqyCoW4KdgC/MprHWeVZnw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB5518 Subject: Re: [dpdk-dev] [dpdk-web] DMARC mitigation in dpdk.org's mailing list X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Jim, Yes I got the techboard's approval during the last meeting. Another alternative we can look into is upgrading to Mailman 3, since it's = now the actively developed version. It has a more modern UI, and along with other features, it has support for = ARC (Authenticated Received Chain) signing, which can help mitigate the DMA= RC issue by preserving email authentication results across subsequent hops = that modify messages, which provides a valid "chain of custody" for email m= essages. Domains that support ARC will consider the ARC signed emails as au= thenticated regardless of the DKIM/DMARC failures. > -----Original Message----- > From: Thomas Monjalon > Sent: Friday, September 24, 2021 1:33 PM > To: St Leger, Jim > Cc: Ali Alnubani ; techboard@dpdk.org; dev@dpdk.org > Subject: Re: [dpdk-web] DMARC mitigation in dpdk.org's mailing list >=20 > Would be interesting to list pros/cons of groups.io. > First problems I can see: > - it means re-registering for everyone > - groups.io is not under our control > - not sure we can have some key features of inbox.dpdk.org: > * thread view > * download >=20 > Ali installed https://inbox.dpdk.org to complement mailman and patchwork, > this is very convenient in many use cases. > Please share the benefits of groups.io. >=20 >=20 > 23/09/2021 19:26, St Leger, Jim: > > Ali: > > > > I have no expertise here. But have we explored moving from Mailman to > groups.io? > > > > I can't speak to the pros/cons of the two. I can only say that for > > many other projects I'm involved in they use groups.io. (I can log in > > there and see all of the projects/groups that I subscribe to.) > > > > Also, have you had this conversation with the Tech Board? It looks like= the > dev@dpdk.org mailing list will be last. Is that also correct? > > > > Thanks, > > Jim > > > > > > -----Original Message----- > > From: announce On Behalf Of Ali > Alnubani > > Sent: Thursday, September 23, 2021 2:15 AM > > To: announce@dpdk.org; users@dpdk.org; web@dpdk.org > > Subject: [dpdk-announce] DMARC mitigation in dpdk.org's mailing list > > > > Hi all, > > > > Due to the changes that Mailman (our mailing list software) does to pos= ts > before distributing them, DKIM and DMARC verification will fail for email= s > originating from the domains that support them. This causes some posts to > go into spam/quarantine and sometimes completely discarded depending on > the domain's policy. > > > > DKIM (DomainKeys Identified Mail) is a form of email authentication tha= t > uses public key cryptography to digitally sign outgoing emails. Senders a= dd > this signature to the headers of the email message for the receiving mail > servers to validate against. The sender specifies which of the original h= eaders > is covered by this signature. > > DMARC (Domain-based Message Authentication, Reporting, and > Conformance) basically allows domains to publish policies that tell recei= ving > mail servers how to handle DKIM verification failures. Strict policies ca= n be > set to either reject (message not delivered to user's mailbox), or quaran= tine > (spam/junk) the messages failing them. > > > > I would like to propose making some mailing list configuration changes = to > mitigate and reduce signature breakage: > > - Disable prepending subject prefixes (e.g., [dpdk-dev]). > > Making this change will probably break the rules and filters list mem= bers > have for their mailboxes if they filter by the subject prefix. > > Members can filter by Mailman's List-Id header instead, or by the To/= Cc > headers. > > - Disable rewriting the "Sender" header. > > Mailman replaces this header by default with the list's bounce addres= s to > direct bounces from some broken MTAs to the right destination. > > - Disable conversion of text/html to plain text. > > Mailman currently strips MIME attachments and does text/html to plain > text conversion. > > > > We experimented for a while with these changes in a test list we create= d > (https://mails.dpdk.org/listinfo/test-dmarc), and we found that they help= ed > in mitigating signature breakage. > > We tested with signed emails from the domains: nvidia.com, > broadcom.com, and gmail.com. We verified that posts on the test list > showed passing DKIM/DMARC results in their 'Authentication-Results' > header. > > > > We plan on making these changes to users@dpdk.org and web@dpdk.org > first, and then to the rest of the lists once we make sure there are no > unexpected issues. > > > > Any feedback will be appreciated. > > > > Thanks, > > Ali > > >=20 >=20 >=20 >=20