OT: Re: Younger generations preferring social media(esque) interactions.

Grant Taylor gtaylor at tnetconsulting.net
Tue Mar 23 21:55:50 UTC 2021


On 3/23/21 1:40 PM, Michael Thomas wrote:
> The big problem with mailing lists is that they screw up security by 
> changing the subject/body and breaking DKIM signatures.

What you are describing is a capability, configuration, execution issue 
with the mailing list manager software.

Said another way, what you are describing is *NOT* a problem with the 
concept of mailing lists.

MLMs can easily receive messages -- after their MTA imposes all germane 
filtering -- and generate /new/ but *completely* *independent* messages 
substantially based on the incoming message's content.  These /new/ 
messages come /from/ /the/ /mailing/ /list/!  Thus the mailing list 
operators can leverage all the aforementioned security / safety measures 
for the mailing list.

SPF / DKIM / DMARC are meant to enable detection (and optionally 
blocking) of messages that do not come from their original source. 
Mailing lists are inherently contrary to this.  But the mailing list can 
be a /new/ source.

To wit, I am sending this reply to /exactly/ /one/ recipient, namely 
the NANOG mailing list.  Said recipient will take my content and send it 
out in hundreds of /new/ and /discrete/ messages.  The NANOG mailing 
list is the source of those new messages.  My email server is not 
contacting your email server.

> This makes companies leery of setting the signing policy to reject 
> which makes it much easier for scammers to phish.

Hence, having the mailing list send out /new/ messages with /new/ 
protection measures means less breakage for people that send messages to 
the mailing list.

Treating the mailing list as its own independent entity actually 
enables overall better security.

Aside:  It is trivial to remove things that cause heartburn (DKIM) 
/after/ NANOG's SMTP server applies filtering /before/ it goes into Mailman.

> The Nanog list is something of an outlier in that they don't do 
> modifications and the DKIM signature survives.

/Currently/, yes.  I wouldn't hold my breath for future solutions.



-- 
Grant. . . .
unix || die
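
The re-origination described in the message above, as an added Python example that is not part of the original post and is not Mailman's code. The addresses, the list name and the choice of which headers to carry over are assumptions; signing the result with the list's own DKIM key is left to the list's MTA.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import formataddr, make_msgid, parseaddr

# Only these headers are copied from the submission (assumed allowlist).
# Everything else, including the author's DKIM-Signature, is left behind,
# so nothing in the outgoing message claims the author's domain sent it.
CARRY_OVER = ("Subject", "Date", "In-Reply-To", "References")

def reoriginate(raw: bytes, list_addr: str, list_name: str) -> EmailMessage:
    """Build a new message, originated by the list, from a submission."""
    incoming = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(incoming["From"]))
    list_domain = list_addr.split("@", 1)[1]

    out = EmailMessage()
    # The list is the author of record; DMARC is evaluated on its domain.
    out["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    # Replies can still reach the person who wrote the text.
    out["Reply-To"] = formataddr((name, addr))
    out["To"] = list_addr
    out["Message-ID"] = make_msgid(domain=list_domain)
    out["List-Id"] = f"<{list_addr.replace('@', '.')}>"
    for header in CARRY_OVER:
        if incoming[header] is not None:
            out[header] = str(incoming[header])
    body = incoming.get_body(preferencelist=("plain",))
    out.set_content(body.get_content() if body else "")
    return out

def from_domain(msg: EmailMessage) -> str:
    """Domain a receiver checks SPF/DKIM alignment against under DMARC."""
    return parseaddr(str(msg["From"]))[1].rsplit("@", 1)[1].lower()

# Constructed submission; every address and value here is made up.
SAMPLE = (b"From: Alice Example <alice@example.com>\r\n"
          b"To: discuss@list.example.org\r\n"
          b"Subject: Re: test thread\r\n"
          b"Date: Tue, 23 Mar 2021 21:55:50 +0000\r\n"
          b"Message-ID: <abc123@example.com>\r\n"
          b"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; b=CONSTRUCTED\r\n"
          b"\r\n"
          b"Hello list.\r\n")

if __name__ == "__main__":
    print(reoriginate(SAMPLE, "discuss@list.example.org", "Example List"))
```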
