Change to Mail Infrastructure - SPF and DKIM verification will now be enforced
Martin Graesslin
mgraesslin at kde.org
Mon Dec 7 13:19:51 GMT 2015
On Friday, December 4, 2015 11:28:03 AM CET Jan Kundrát wrote:
> On Friday, 4 December 2015 10:56:42 CET, Ben Cooksley wrote:
> > Note that in the long run with DMARC looming you will need to switch
> > to #2 anyway, and keeping your current behaviour will likely lead to
> > mail from people who use Yahoo / AOL / etc ending up in the spam
> > folder with many mailing list members. I'll be starting a discussion
> > regarding taking this step on KDE systems at some point in the near
> > future (switching to DMARC compatible policies).
> >
> > For more information, please see http://wiki.list.org/DEV/DMARC
>
> Do I understand your plan correctly? The following projects appear to not
> re-sign their ML traffic, and they mangle headers at the same time. If I
> understand your plan correctly, this means that I won't be able to use my
> @kde.org addresses on mailing lists of these projects, for example:
>
> - Qt,
> - Debian,
> - Gentoo,
> - OpenStack,
> - anything hosted at SourceForge,
> - and many, many more, essentially anybody who were ignoring DKIM.
>
> Please, change your plans, this is obviously a huge no-go.
this looks like a huge problem. Could this be rolled out in two phases: one
where a big fat warning is added in some way, so that we can inform our
mailing list masters about the breakage and then a slow enforcement?
Kicking out kde.org from important stakeholders doesn't look right to me. And
it's not like we would notice. It might take quite some time till we notice no
longer incoming mails in mailing list folders. And not everybody read this
thread and understood the implications. I do not know how to verify that a
mailing list sends correctly and there are important mailing lists I'm
subscribed to with low traffic.
So: can we do something to notify non compliant mailing lists? And what if
they don't act on it? If for example freedesktop.org is slow on it the
solution cannot be to effectively kick out kde from freedesktop.org. I'm not
going to subscribe there with my private mail address, because it's important
to be there with an @kde.org address.
Cheers
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20151207/d71a8904/attachment.sig>
More information about the kde-core-devel
mailing list