From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0C0DCA0C4E for ; Mon, 8 Nov 2021 15:05:48 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7E76E4115E; Mon, 8 Nov 2021 15:05:47 +0100 (CET) Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam07on2062.outbound.protection.outlook.com [40.107.212.62]) by mails.dpdk.org (Postfix) with ESMTP id DD4FF40E28; Mon, 8 Nov 2021 15:05:44 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PFufuxuK1FlG/yn3nWZKntHgt7B4GjytM8ErkSrQtNfdsR3mMalXJCxs/PN1mVDeTgHdzc5eWiS4eEHqxLEro0kthtmvSAmHr5m2GFHgU5ez65wDSUvq9dmwj+7ZyIGDiWoHyo3gwft+mXqcAvP3hxx6CrJ9zFujx9gihh3w8IrCTiWal81sEERE/5mX4j9n9v5MjVqj/3DRZtDBbNl/9Cq8jNMkaHu43VVTlxgxCQvaWEtleZ55LMUZD/p+AFC4k3uRz8Kva4X9jogQ/VKqWJ+8IhSCLqpxOzjZkns7KzTKM7OOktJyeKv4hbG+4b1TPaxflOnKyZPAD8uTM+gkMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Cg2BsDNtTQhNtrMVXBQTImhSzUyx1d/UkxpxLWgUsuw=; b=Bu/+IlrmIrf8s0XIVQ5eRccAkOSfZwx6RfOyzZQ+BBDHfOkAMsiYUOsFKjQuL7xmt2ZOl5yL7k6EgpPRkHrc2h9rtG805+nq9NiXqCjth06FpbPetKEP6J92yGWzfD5VV/IiU07qYKBpbnsSgkKzwsum7Ng0B9oPwOpN/q/v9JHu2W8EQKc6tmOspVRu0a0Lq5Ee0Yd6D+ehbn2RFDmDi1QdCCoVLylzy51MAzekpUYBndlEEQMI1mlMAew8yab24Rrl8dH2wO07LJK5fMoYRXVju1p4B7QVKJgsVZ/tktOB2sRVarvD/qN6xpClivJNzFQNdDf8LjwwNTiQwz9cuQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Cg2BsDNtTQhNtrMVXBQTImhSzUyx1d/UkxpxLWgUsuw=; b=uHmc9l2O+OvUV3Ai6P2jO6r6AajxBfGpMENuJ3mNUVN2ERL7RMMCIlcP/SkmuczsJRJNjtf9Kg4ulkT8VUGQeYe6Ate9T+G0KpItbvtZfdxN0m589CV9e/NJjrUPfqwBOQ5fIGorzx5UQJ5fTctkkCOwANbUs690n6+xO0Np2um2a9WskR5IOMGKOjcyPuTmoCS4pViXG/HQEjZQ25Pvd8kObaBhe1XzG8W+njRQ8JmnRyJlfNJwcwIZD/CUqSJAABmtj6wlwzA/ut3NvoGT1OR6EbOKn+vsU3o/+2EaypTSI/O6bXeTId+ZAPky+Co/sBQxgoCh8JBoSP53WAUZfw== Received: from DM4PR12MB5167.namprd12.prod.outlook.com (2603:10b6:5:396::10) by DM4PR12MB5087.namprd12.prod.outlook.com (2603:10b6:5:38a::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.11; Mon, 8 Nov 2021 14:05:43 +0000 Received: from DM4PR12MB5167.namprd12.prod.outlook.com ([fe80::c5e8:f3c:53d9:d6ce]) by DM4PR12MB5167.namprd12.prod.outlook.com ([fe80::c5e8:f3c:53d9:d6ce%9]) with mapi id 15.20.4669.013; Mon, 8 Nov 2021 14:05:43 +0000 From: Ali Alnubani To: "announce@dpdk.org" , "stable@dpdk.org" , "dts@dpdk.org" , "ci@dpdk.org" , "govboard@dpdk.org" , "maintainers@dpdk.org" , "marketing@dpdk.org" , "security@dpdk.org" , "moving@dpdk.org" CC: "techboard@dpdk.org" Thread-Topic: DMARC mitigation in dpdk.org's mailing list Thread-Index: AdewW3J1l7se5gCeQnK/zk7UDHZb2AkNlHpg Date: Mon, 8 Nov 2021 14:05:42 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dpdk.org; dkim=none (message not signed) header.d=none;dpdk.org; dmarc=none action=none header.from=nvidia.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4cfb8ba1-aee3-445d-0a0a-08d9a2c0da64 x-ms-traffictypediagnostic: DM4PR12MB5087: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: y/+jqH6nrKuY6PZYTjmzlAgZeUXvZXYyC8mbq0J50RB84480Bd0T+gbHyALopeqUkWPW5rl6f6xUzTCNx3F/8r3oqBj4vasV+OPuAU+h+Pomo8OSKysMpCg2NEHKC1GI6jw2rfEzMJgd4JXTEhMPluYK01CVKFFczp7h5xQzvdWN55RpKfX9Ya1XcgsZgFh37BxiwJ78npd8MsW3m1ke5P8Z3GxmUV8PdgoQXm6reuQwkaxu5FIhmBb8ZAz5CRPCJ02bhTunrC/LiCE4JBlRXVyerAeYGYx/RJQrgUJDytu7lFNcBOA1UvGqTODhXpLMnx5hAvTM6CpzkuFBn4htp7lMjpweTgixZHexTu7DMroqWsko4weWzU0Bo28k6L+Oy5q7g0obDPcmXWZ6BbS0gIhTDjGZCTvMTLY3OTRav640K88KgV4eGy3bH9ve7joXiHXcwelpR53V4c0nwv/mfcWT0IfkUpl3pPPoa7glacIgN6/OqTepymRtsMhV/3lAeQVhyTqC9DT5DVTg/UqeLFeASLP7chXmZBxznq1+lWyDBwE3BqxgU6iKS1BzubFI4HPtzTIM3j5TOQY4KCR1L0i35UC7nFxv75ZvBI2pZNOw4s4GuCkVqJSIxuFgAy02/MLju2VoL+smiNAQJ6cKDZaOpHvzEKmHSW1Kh16XJhGO6oHEqGCkz3+6CYEX2KvK87f+VrZf1qYKpPtD1E0MsVEiJmJgc79V1OtndNhO0D3UkZEtmOkPiUHF772rSTGSVdEcUqLhOjU9wcb7AfJGwA66nKmonpuoe2mwntnhStgpxK9rWPu4vXQmgNStEkZHHKqXmWJag5CNASvMNPWmuZqSsDYJ9+h7kzLb9fcqJWc= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM4PR12MB5167.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(6506007)(7696005)(186003)(83380400001)(55016002)(33656002)(52536014)(64756008)(66446008)(53546011)(86362001)(316002)(2906002)(8676002)(9686003)(76116006)(8936002)(450100002)(38070700005)(4326008)(66556008)(38100700002)(122000001)(508600001)(66476007)(66946007)(7416002)(110136005)(26005)(5660300002)(71200400001)(223123001)(130980200001); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?UEURPe1kneeWTk/lTKwoLuFM4IgoNdOycl650GvNSZU45PSKYngi79bFkqcd?= =?us-ascii?Q?wmCoA6KHteNPCjvu6L86h0MVBnkaiQez89Qnbwkfl4c5A4ZpjdlkVfN/aJiJ?= =?us-ascii?Q?MA99bWJv+htUKIas20I96xvVSanipcp98Kn+qWWuFofZZDonkSMS3NcZdax9?= =?us-ascii?Q?ZeWZmgS0n5owSp9Ws72RUAF0pUqCbwFH6OVbGDklFvLHbnNQOUpAfm9RbdvR?= =?us-ascii?Q?QqJY2YWCYP5FPYkHiGlzK/H8MJsAJg5YHtJKbaHwj8r/Ii09DWAECiK6JmeJ?= =?us-ascii?Q?HdmYRRHSo85RQJvmkxhERbapq1ZMUSdvdtm5cIJpff/BW7okrTrDiRrwSByq?= =?us-ascii?Q?LFLE9lTezgeKYKg7YpcjNakBAw8YZb/8PRpFrXzokiXeaGHSOWSUe55rK3K+?= =?us-ascii?Q?7/R/gDMPMEe/ABZIvlOVVXR69THjDF9HGf9rmbQtFqYHIyuiPIvPR88e2qLU?= =?us-ascii?Q?v/66JkoEvx4JsdFuSVsWYX99wD3vemWJZ9ATmrc276ckT0Mi8FdK0Iezy5rr?= =?us-ascii?Q?1MXo6A+v8Rqcf42rcqZQ5eNVkIVIj2uUheCBSrxpGJmha7nGuS+OLeltm0UQ?= =?us-ascii?Q?PbBh+5hB6nd6Gmpu0Hjqfw2hGS5OYgkpEb6RFeCwA8GHZOOxqGiF1P0TzygY?= =?us-ascii?Q?P+/2Qr977iHeezZ1mymhaimt4SG2RTyzFLJGsmHV2oHnjhLcsxTaOfWxJ1o+?= =?us-ascii?Q?YHomf/9LjaepGGq1ntXuV6Y4y+YIVenD4f2s/zf95a5fRyk0NmfdScK+Sqoo?= =?us-ascii?Q?hHGLNHUz2w4DR71BU4CiL3a/NOP08boKHcCmYsetg9FPgeqQrFHSMaD9fNHc?= =?us-ascii?Q?V0qTcFawAB9YoY1D7ji9f6bYyRjPXWoluBeSp2UOaneFN9ZeSSDHanaszKfz?= =?us-ascii?Q?cvs56emEvBlGcySXfBsBoDdIzV/VRwTa5+eN70X77r2Mgbk0X5LJ/UYIpOH3?= =?us-ascii?Q?gm2wt50GHzlmScL20uTjzDhw9AW6JOt8sjA4kVx7wvG6OwVewaNyroLUauEo?= =?us-ascii?Q?wkizYS56NfT6Qnw5I/58oJl4fwS2Wiieqhxw3JHA6uJFuS6leVHj2ohxrtkM?= =?us-ascii?Q?8yVrP77m174Ox9RDNJIkNUqJacPdg3UwIb6QbqS9DRWq5d7qyRFDlNCnlhvh?= =?us-ascii?Q?eXTPq8kj6fWjX3s0MLeaqYUd0tDPEwH3Ck+9eb+Epj+ORvXc0IqMYD37++Ck?= =?us-ascii?Q?PaLMsyMNUwlYtrJrT46SwvVrlMGsv7eYLqLp0ctk89YDC1wH0YhobHPzK5W7?= =?us-ascii?Q?xnXOEC2FUfBXT0q/71M0cd3lQrOFEVAqKhkOCuCs61gbQG2+acVdTnUZVEQr?= =?us-ascii?Q?ok7XgpzirPv5Zc8TXIcYJMd5K8Xa4yeooassYjJAIwkuT8gfNPwFWIEiCuZ9?= =?us-ascii?Q?9yL+dFGJdWgb2G1bJnnQM2JFbp/dKzBu3y2Knn2S+RQmz0YWe2f3hHgoxTTl?= =?us-ascii?Q?2AGSvDp+IA6lf7aqh4irCNSDqsKibVo1XBD60Do2XfdRA+1XAnkKC+fgNVwN?= =?us-ascii?Q?qXVXSJU1bqofPnSpTlV+XHINa41kWg0gC64RudmF2PsDrxi7S2weE/dqpX7r?= =?us-ascii?Q?Z5Sj4ulTix7GCeteo+ovGP8WojGFZCKqkebIhBhkI/ryz46aAt4r0A2OICEM?= =?us-ascii?Q?/9esXzZ7/UUeWAYHkxCTrS0=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5167.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4cfb8ba1-aee3-445d-0a0a-08d9a2c0da64 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Nov 2021 14:05:42.9930 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: plF8fjGC2Oz34b3H3j3gNovdvmdyy2TFZhzwEbw6Dk2t702gZiOKqdpRPUxJNbuboXcg29jpoEDd7abmLbxfDw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5087 Subject: Re: [dpdk-moving] DMARC mitigation in dpdk.org's mailing list X-BeenThere: moving@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK community structure changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: moving-bounces@dpdk.org Sender: "moving" Hi all, > -----Original Message----- > From: Ali Alnubani > Sent: Thursday, September 23, 2021 12:15 PM > To: announce@dpdk.org; users@dpdk.org; web@dpdk.org > Subject: DMARC mitigation in dpdk.org's mailing list >=20 > Hi all, >=20 > Due to the changes that Mailman (our mailing list software) does to posts > before distributing them, DKIM and DMARC verification will fail for email= s > originating from the domains that support them. This causes some posts to > go into spam/quarantine and sometimes completely discarded depending on > the domain's policy. >=20 > DKIM (DomainKeys Identified Mail) is a form of email authentication that > uses public key cryptography to digitally sign outgoing emails. Senders a= dd > this signature to the headers of the email message for the receiving mail > servers to validate against. The sender specifies which of the original h= eaders > is covered by this signature. > DMARC (Domain-based Message Authentication, Reporting, and > Conformance) basically allows domains to publish policies that tell recei= ving > mail servers how to handle DKIM verification failures. Strict policies ca= n be > set to either reject (message not delivered to user's mailbox), or quaran= tine > (spam/junk) the messages failing them. >=20 > I would like to propose making some mailing list configuration changes to > mitigate and reduce signature breakage: > - Disable prepending subject prefixes (e.g., [dpdk-dev]). > Making this change will probably break the rules and filters list membe= rs > have for their mailboxes if they filter by the subject prefix. > Members can filter by Mailman's List-Id header instead, or by the To/Cc > headers. > - Disable rewriting the "Sender" header. > Mailman replaces this header by default with the list's bounce address = to > direct bounces from some broken MTAs to the right destination. > - Disable conversion of text/html to plain text. > Mailman currently strips MIME attachments and does text/html to plain t= ext > conversion. >=20 > We experimented for a while with these changes in a test list we created > (https://mails.dpdk.org/listinfo/test-dmarc), and we found that they help= ed > in mitigating signature breakage. > We tested with signed emails from the domains: nvidia.com, broadcom.com, > and gmail.com. We verified that posts on the test list showed passing > DKIM/DMARC results in their 'Authentication-Results' header. >=20 > We plan on making these changes to users@dpdk.org and web@dpdk.org > first, and then to the rest of the lists once we make sure there are no > unexpected issues. >=20 I'm seeing less DKIM and DMARC breakage from users@dpdk.org and web@dpdk.or= g after making the changes mentioned above. I had a discussion with the technical board, and they approved making the c= hanges to the rest of the lists. We'll apply the change in 2 days. Feedback is still appreciated. Thanks, Ali