On Wed, November 12, 2014 15:50, g wrote:
On 11/12/2014 10:13 AM, Les Mikesell wrote:
Well, no. Per the headers:
Authentication-Results: mx.google.com; spf=neutral (google.com: centos-bounces@centos.org does not designate permitted sender hosts) smtp.mail=centos-bounces@centos.org; dkim=neutral (body hash did not verify) header.i=@; dmarc=fail (p=QUARANTINE dis=NONE) header.from=harte-lyne.ca
The p=quarantine setting from his server explicitly requests that the message be marked as spam if it s not sent from an authorized server, which don't include the centos list server. So it is accepted and dropped in the spam folder as requested.
And at the moment, he is the only list member that posts regularly from a server with this setting. (We don't even see ones with p=reject, they'll bounce and get kicked off the list).
Les,
i believe problems are on your end, and not with server for James.
i do not see "dmarc=fail" or "p=QUARANTINE" in *any* of his email headers.
therefore, i suggest that it is problem that _you_need_to_correct_.
The problem is not within the span of control of anyone receiving this message from the CentOS mailing list. Les is not in a position to deal with this issue any better than he already has.
The people that are receiving my messages marked as spam are seeing the result of our DMARC disposition setting of quarantine. That simply tells conforming MX servers to mark the message as suspect and so allow the recipient to deal with it. And that is the proper thing for Google to do in our case. Messages coming from harte-lyne.ca certainly did not originate from centos.org notwithstanding that is who is transmitting them. And we are telling Google that messages from harte-lyne.ca should only be received from our authorized mails servers, which is perfectly correct.
Google's course of action thereby leaves it in the hands of the recipient to manage what that fact means to them. It tells them that this message is routed in some unusual way and that it may be forged. That is important to know before one opens a message purporting to originate from a trusted source.
As someone else pointed out, there is a philosophical question respecting who is the originator of any message that travels through a distribution list. And it remains unresolved. If the CentOS mailing list set the sender and from headers of all traffic routed through it to itself then the problems you are seeing with my messages would simply disappear. Because I would no longer be considered the originator. Something to that effect is what the changes to Mailman-2.1.18 enable while retaining or setting the Reply-To header to the original author's email address. I am not sure of the details.
The retention of the originator's identity on mailing list mail is somewhat inconsistent with the premise that whoever transmits a message is the originator regardless of whoever wrote it. One can see premise that in the typical action of forwarding email from inside your MUA. The sender becomes the person forwarding the message, not the original author.
One also must consider that when one subscribes to a digest of mailing list traffic, as I do to avoid the problems of identity that others experience, then the sender and the from are always the list itself as it technically impossible to have all of the the contributors designated as the Sender. It is therefore a valid question to ask how it comes to be that a collection of messages sent one at a time for a given source differs in origin than one sent as a single message from the same source?
DMARC is all about forgery and is a response, albeit in my opinion a poor one, to the limitation found in most MUAs that only display the FROM header regardless of the Sender. Yahoo is draconian about this because, having had their client's email accounts compromised through a security lapse on their part, vast numbers of forged messages were sent to people with yahoo.com accounts who lacked the technical sophistication to detect the fraud.
I apologise for the length of this reply. DMARC is not a simple subject to discuss. The topic of email identity is highly politicized and technical approaches to the question have already baffled some of the finest minds on the IETF. I doubt greatly that anyone here can propose any solution that has not already been considered and rejected for either political or technical reasons.