On Wed, November 12, 2014 15:50, g wrote:>
>
> On 11/12/2014 10:13 AM, Les Mikesell wrote:
>
>>
>> Well, no. Per the headers:
>>
>> Authentication-Results: mx.google.com; spf=neutral (google.com:
>> centos-bounces at centos.org does not designate permitted sender hosts)
>> smtp.mail=centos-bounces at centos.org; dkim=neutral (body hash did not
>> verify) header.i=@; dmarc=fail (p=QUARANTINE dis=NONE)
>> header.from=harte-lyne.ca
>>
>> The p=quarantine setting from his server explicitly requests that
>> the message be marked as spam if it s not sent from an authorized
>> server, which don't include the centos list server. So it is
accepted
>> and dropped in the spam folder as requested.
>>
>> And at the moment, he is the only list member that posts regularly
>> from a server with this setting. (We don't even see ones with
>> p=reject, they'll bounce and get kicked off the list).
>
> Les,
>
> i believe problems are on your end, and not with server for James.
>
> i do not see "dmarc=fail" or "p=QUARANTINE" in *any* of
his email
> headers.
>
> therefore, i suggest that it is problem that _you_need_to_correct_.
>
The problem is not within the span of control of anyone receiving this message
from the CentOS mailing list. Les is not in a position to deal with this
issue any better than he already has.
The people that are receiving my messages marked as spam are seeing the result
of our DMARC disposition setting of quarantine. That simply tells conforming
MX servers to mark the message as suspect and so allow the recipient to deal
with it. And that is the proper thing for Google to do in our case. Messages
coming from harte-lyne.ca certainly did not originate from centos.org
notwithstanding that is who is transmitting them. And we are telling Google
that messages from harte-lyne.ca should only be received from our authorized
mails servers, which is perfectly correct.
Google's course of action thereby leaves it in the hands of the recipient to
manage what that fact means to them. It tells them that this message is
routed in some unusual way and that it may be forged. That is important to
know before one opens a message purporting to originate from a trusted source.
As someone else pointed out, there is a philosophical question respecting who
is the originator of any message that travels through a distribution list.
And it remains unresolved. If the CentOS mailing list set the sender and from
headers of all traffic routed through it to itself then the problems you are
seeing with my messages would simply disappear. Because I would no longer be
considered the originator. Something to that effect is what the changes to
Mailman-2.1.18 enable while retaining or setting the Reply-To header to the
original author's email address. I am not sure of the details.
The retention of the originator's identity on mailing list mail is somewhat
inconsistent with the premise that whoever transmits a message is the
originator regardless of whoever wrote it. One can see premise that in the
typical action of forwarding email from inside your MUA. The sender becomes
the person forwarding the message, not the original author.
One also must consider that when one subscribes to a digest of mailing list
traffic, as I do to avoid the problems of identity that others experience,
then the sender and the from are always the list itself as it technically
impossible to have all of the the contributors designated as the Sender. It
is therefore a valid question to ask how it comes to be that a collection of
messages sent one at a time for a given source differs in origin than one sent
as a single message from the same source?
DMARC is all about forgery and is a response, albeit in my opinion a poor one,
to the limitation found in most MUAs that only display the FROM header
regardless of the Sender. Yahoo is draconian about this because, having had
their client's email accounts compromised through a security lapse on their
part, vast numbers of forged messages were sent to people with yahoo.com
accounts who lacked the technical sophistication to detect the fraud.
I apologise for the length of this reply. DMARC is not a simple subject to
discuss. The topic of email identity is highly politicized and technical
approaches to the question have already baffled some of the finest minds on
the IETF. I doubt greatly that anyone here can propose any solution that has
not already been considered and rejected for either political or technical
reasons.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
