[NeXus-committee] Mailing list change to avoid DMARC/DKIM/SPF issues

Freddie Akeroyd - UKRI STFC freddie.akeroyd at stfc.ac.uk
Mon May 11 20:19:44 BST 2020


Thanks Ray – I think the other option is where it wraps and attaches the original message, but certainly for me (using outlook) you then have to open this attachment separately with an extra click which wasn’t so nice. So I agree “munging”, as already done on the neutron list, looks the most user friendly option

Regards,

Freddie

From: Raymond Osborn <rayosborn at me.com>
Sent: 11 May 2020 19:49
To: Akeroyd, Freddie (STFC,RAL,ISIS) <freddie.akeroyd at stfc.ac.uk>
Cc: nexus-committee at nexusformat.org
Subject: Re: [NeXus-committee] Mailing list change to avoid DMARC/DKIM/SPF issues

Freddie,
I agree that doing something like this is essential. This is what we had to do for the neutron mailing list, neutron at neutronsources.org<mailto:neutron at neutronsources.org>. There is an alternative solution where you configure Mailman to forward to the list without any modifications (e.g., adding [NeXus-committee] to the subject line and mailing list links at the bottom), so that the DKIM signature is still valid. However, I find the change to the subject line helpful to identify the message context, so I think I’m in favor of the munge solution. There are more details at https://seanthegeek.net/459/demystifying-dmarc/.

Ray


On May 11, 2020, at 1:32 PM, Freddie Akeroyd - UKRI STFC via NeXus-committee <nexus-committee at shadow.nd.rl.ac.uk<mailto:nexus-committee at shadow.nd.rl.ac.uk>> wrote:

Dear NeXus Committee,

Many sites are now implementing DMARC/DKIM/SPF checking of incoming email, this can cause issues for mailing lists as they forward mail on behalf of a user. A receiving site would see the original sender domain in the “From”, but also see that is was not delivered by a trusted source for that domain and may then discard or reject the email.

The mailman mailing list software has a “Munge From” option, this replaces the poster's address in the From: header with the list's posting address and adds the poster's address to the addresses in the original Reply-To: header. The original sender name is mentioned in some way like “NeXus on behalf of Freddie Akeroyd” but the message now looks like it has come from the mailing list server and so avoids issues at the receiver if they implement any DMARC policy of the original sender domain.

The only potential consequence of this action is that the default behaviour of “reply” may change in some email clients, but I am already aware of sites starting to trial DMARC/DKIM/SPF  so I believe it is a change we will need to make. I have now enabled this option for the nexus-committee list and if all looks to be well I will also enable it for the general NeXus mailing list

Regards,

Freddie

_______________________________________________
NeXus-committee mailing list
NeXus-committee at nexusformat.org<mailto:NeXus-committee at nexusformat.org>
http://lists.nexusformat.org/mailman/listinfo/nexus-committee

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nexusformat.org/pipermail/nexus-committee/attachments/20200511/b0735ce3/attachment.htm>


More information about the NeXus-committee mailing list