[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(ET) from line and anti-spoofing systems

Subject: (ET) from line and anti-spoofing systems
From: Ken Olum <kdo cosmos phy tufts edu>
Date: Tue, 24 Jun 2014 14:55:13 -0400
List-archive: <http://cosmos.phy.tufts.edu/mhonarc/elec-trak/>
List-help: <mailto:elec-trak-request@cosmos.phy.tufts.edu?subject=help>
List-id: Electric tractor discussion list <elec-trak.cosmos.phy.tufts.edu>
List-post: <mailto:elec-trak@cosmos.phy.tufts.edu>
List-subscribe: <https://cosmos.phy.tufts.edu/mailman/listinfo/elec-trak>, <mailto:elec-trak-request@cosmos.phy.tufts.edu?subject=subscribe>
List-unsubscribe: <https://cosmos.phy.tufts.edu/mailman/options/elec-trak>, <mailto:elec-trak-request@cosmos.phy.tufts.edu?subject=unsubscribe>

Hi, Elec-trak subscribers.  I've just installed a new version of mailman
(the software that manages the Elec-trak list) that avoids problems with
messages being rejected because they come from cosmos.phy.tufts.edu
rather than the original sender's domain.  This caused 75 people's
subscriptions to be suspended last week.  The problem is that, according
to yahoo, for example, messages that say they come from yahoo in the
from line should only be sent by yahoo's mail servers and not by
cosmos.phy.tufts.edu.  The result of this is that postings from users at
such domains will now have the from line modified to say that they come
from the list itself.  This look somewhat strange, but the reply to line
will also be modified, so that if you reply to the sender only, the
message will go where you expect.  If you say reply to all, the message
will go to the list as usual.

Technical details:

There is a system called DMARC, which stands for "Domain-based Message
Authentication, Reporting & Conformance".  It enables a site, in this
case Yahoo, to say that messages which have from addresses at that site
should only be delivered by a specific set of authorized sending hosts
specifed using SPF.  If not, the receiving site is supposed to reject
(or quarantine) the arriving message.  This is a superficially good
idea, because it prevents spoofing.

The problem is that it breaks mailing lists.  If a user at yahoo sends
mail to elec-trak cosmos phy tufts edu, the from line says it comes from
...@yahoo.com.  If cosmos.phy.tufts.edu then forwards the mail to a site
that obeys DMARC requests, then it's not coming (directly) from a
yahoo-authorized sender, so the receiving site rejects it, and then
mailman declares that the receiver's mail is bouncing and stops sending
messages to them.

This is fixed now as follows.  If mailman receives a message for the
Elec-trak list from a site that uses DMARC, it will modify the from line
so that it has the address of the list, rather than the address of the
sender.  This prevents it from getting rejected.  The personal name in
the from line will be the actual sender's personal name plus "via
Elec-trak".  Replies will be directed by the "reply-to" header to go to
the original sender, unless you say "reply to all".  This is somewhat
ugly, because it looks strange in your catalog of messages, but it's
best we can do at the moment.

                                        Ken

Follow-Ups:
- Re: (ET) from line and anti-spoofing systems
  - From: Charlie
- Re: (ET) from line and anti-spoofing systems
  - From: David Roden (Akron OH USA)

Prev by Date: (ET) (no subject)
Next by Date: Re: (ET) from line and anti-spoofing systems
Previous by thread: (ET) 2014 Gathering Update
Next by thread: Re: (ET) from line and anti-spoofing systems
Index(es):
- Date
- Thread