Change to Mail Infrastructure - SPF and DKIM verification will now be enforced

Ben Cooksley bcooksley at kde.org
Fri Dec 4 19:14:46 GMT 2015


On Sat, Dec 5, 2015 at 8:07 AM, Rolf Eike Beer <kde at opensource.sf-tec.de> wrote:
> Ben Cooksley wrote:
>> On Fri, Dec 4, 2015 at 11:28 PM, Jan Kundrát <jkt at kde.org> wrote:
>> > On Friday, 4 December 2015 10:56:42 CET, Ben Cooksley wrote:
>> >> Note that in the long run with DMARC looming you will need to switch
>> >> to #2 anyway, and keeping your current behaviour will likely lead to
>> >> mail from people who use Yahoo / AOL / etc ending up in the spam
>> >> folder with many mailing list members. I'll be starting a discussion
>> >> regarding taking this step on KDE systems at some point in the near
>> >> future (switching to DMARC compatible policies).
>> >>
>> >> For more information, please see http://wiki.list.org/DEV/DMARC
>> >
>> > Do I understand your plan correctly? The following projects appear to not
>> > re-sign their ML traffic, and they mangle headers at the same time. If I
>> > understand your plan correctly, this means that I won't be able to use my
>> > @kde.org addresses on mailing lists of these projects, for example:
>> >
>> > - Qt,
>> > - Debian,
>> > - Gentoo,
>> > - OpenStack,
>> > - anything hosted at SourceForge,
>> > - and many, many more, essentially anybody who were ignoring DKIM.
>> >
>> > Please, change your plans, this is obviously a huge no-go.
>>
>> *Sigh*.
>>
>> Debian has already committed (prior to any of this) to making their
>> mailing lists DMARC compliant by ceasing the alteration of mail
>> passing through their lists.
>
> Which is a good idea anyway, as far as you can influence it (see the 8bit
> problems from the other mail).
>
>> It is an extreme pity these mailing list providers have demonstrated
>> such an extreme disregard for standards which aim to eliminate
>> forgeries and ensure people cannot be digitally misrepresented. This
>> is why we had to change Bugzilla a while back to send as
>> bugzilla_noreply at kde.org instead of the acting user's email address -
>> because Yahoo's enforcement policy meant GMail always placed mail from
>> Yahoo users in the spam folder.
>
> Huh? Of course you _must_ send with a @kde.org address. My SPF policy forbids
> you to send mail for my domain. And now you want to enforce SPF, but don't
> properly handle it yourself?

Clarification there:

SMTP From was always bugzilla_noreply at kde.org
RFC 2822 From (the header) was the originating user's address.

This is SPF, but not DMARC compliant.

We now send emails with both SMTP and RFC 2822 headers set to @kde.org
addresses.

>
>> I'll grant an extension until 31 January, however I would like to see
>> commitments from some of these to improve their infrastructure.
>
> It wont affect me, as I ignore the whole DKIM stuff both at the sending and
> receiving end, but this just going to cause a lot of unnecessary trouble I
> think.
>
> To make it clear: I receive tons of spam per day. It has become worse in the
> last month, as it seems that the usual filters do not work that good anymore.
> You as postmaster of such a public domain are likely receiving even more of
> that crap. But that proposal is going to cause collateral damage.

Yes, spam has worsened, despite our efforts to block it. Unfortunately
it seems that Bayes isn't able to keep up with the changing variety of
rubbish - not without quite a bit of time spent daily training and
training it.


>
> Eike

Regards,
Ben




More information about the kde-core-devel mailing list