Change to Mail Infrastructure - SPF and DKIM verification will now be enforced
Ben Cooksley
bcooksley at kde.org
Tue Dec 8 09:54:13 GMT 2015
On Tue, Dec 8, 2015 at 10:33 PM, Martin Graesslin <mgraesslin at kde.org> wrote:
> On Tuesday, December 8, 2015 9:51:50 AM CET Martin Graesslin wrote:
>> On Tuesday, December 8, 2015 8:21:03 PM CET Ben Cooksley wrote:
>> > On Tue, Dec 8, 2015 at 2:19 AM, Martin Graesslin <mgraesslin at kde.org>
> wrote:
>> > > On Friday, December 4, 2015 11:28:03 AM CET Jan Kundrát wrote:
>> > >> On Friday, 4 December 2015 10:56:42 CET, Ben Cooksley wrote:
>> > >> > Note that in the long run with DMARC looming you will need to switch
>> > >> > to #2 anyway, and keeping your current behaviour will likely lead to
>> > >> > mail from people who use Yahoo / AOL / etc ending up in the spam
>> > >> > folder with many mailing list members. I'll be starting a discussion
>> > >> > regarding taking this step on KDE systems at some point in the near
>> > >> > future (switching to DMARC compatible policies).
>> > >> >
>> > >> > For more information, please see http://wiki.list.org/DEV/DMARC
>> > >>
>> > >> Do I understand your plan correctly? The following projects appear to
>> > >> not
>> > >> re-sign their ML traffic, and they mangle headers at the same time. If
>> > >> I
>> > >> understand your plan correctly, this means that I won't be able to use
>> > >> my
>> > >> @kde.org addresses on mailing lists of these projects, for example:
>> > >>
>> > >> - Qt,
>> > >> - Debian,
>> > >> - Gentoo,
>> > >> - OpenStack,
>> > >> - anything hosted at SourceForge,
>> > >> - and many, many more, essentially anybody who were ignoring DKIM.
>> > >>
>> > >> Please, change your plans, this is obviously a huge no-go.
>> > >
>> > > this looks like a huge problem. Could this be rolled out in two phases:
>> > > one
>> > > where a big fat warning is added in some way, so that we can inform our
>> > > mailing list masters about the breakage and then a slow enforcement?
>> >
>> > You can examine the "Authentication-Results" header from any mail that
>> > passes through kde.org mail infrastructure to determine if it is
>> > valid.
>>
>> Checking the non-KDE mailing lists I'm subscribed to:
>>
>> * EWMH mailing list (hosted on GNOME infrastructure):
>>
>> Authentication-Results: postbox.kde.org; dkim=fail
>> reason="verification failed; unprotected key"
>> header.d=gmail.com header.i=@gmail.com header.b=qL4yX1lm;
>> dkim-adsp=none (unprotected policy); dkim-atps=neutral
>>
>> * wayland: no such header
>
> Correction: Wayland is also affected. I didn't check a gmail mail. So given
> that all freedesktop.org are probably affected.
>
> Sorry Ben, that's just a no, it will be highly disruptive to KDE to turn us
> off from these mailing lists.
Can't recall if I stated this previously, but i'd already decided to
delay this until the end of January.
It should not be delayed forever though.
>
> Cheers
> Martin
More information about the kde-core-devel
mailing list