nanog mailing list archives
Re: OT: Re: Younger generations preferring social media(esque) interactions.
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Tue, 23 Mar 2021 15:55:50 -0600
On 3/23/21 1:40 PM, Michael Thomas wrote:
The big problem with mailing lists is that they screw up security by changing the subject/body and breaking DKIM signatures.
What you are describing is a capability, configuration, execution issue with the mailing list manager software.
Said another way, what you are describing is *NOT* a problem with the concept of mailing lists.
MLMs can easily receive messages -- after their MTA imposes all germane filtering -- and generate /new/ but *completely* *independent* messages substantially based on the incoming message's content. These /new/ messages come /from/ /the/ /mailing/ /list/! Thus the mailing list operators can leverage all the aforementioned security / safety measure for the mailing list.
SPF / DKIM / DMARC are mean to enable detection (and optionally blocking) of messages that do not come from their original source. Mailing lists are inherently contrary to this. But the mailing list can be a /new/ source.
To whit, I am sending this reply to /exactly/ /one/ recipient, namely the NANOG mailing list. Said recipient will take my content and send it out in hundreds of /new/ and /discrete/ messages. The NANOG mailing list is the source of those new messages. My email server is not contacting your email server.
This makes companies leery of setting the signing policy to reject which makes it much easier for scammers to phish.
Hence, having the mailing list send out /new/ messages with /new/ protection measures mean less breakage for people that send messages to the mailing list.
Treating the mailing list as it's own independent entity actually enables overall better security.
Aside: It is trivial to remove things that cause heartburn (DKIM) /after/ NANOG's SMTP server applies filtering /before/ it goes into Mailman.
The Nanog list is something of an outlier in that they don't do modifications and the DKIM signature survives.
/Currently/, yes. I wouldn't hold my breath for future solutions. -- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: OT: Re: Younger generations preferring social media(esque) interactions., (continued)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Seth Mattinen (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Mark Tinka (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Seth Mattinen (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Mark Tinka (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Seth Mattinen (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Michael Thomas (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Andy Ringsmuth (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Mark Tinka (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Mikael Abrahamsson via NANOG (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Michael Thomas (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Grant Taylor via NANOG (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Michael Thomas (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Grant Taylor via NANOG (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Michael Thomas (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Bryan Fields (Mar 24)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Michael Thomas (Mar 24)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Bryan Fields (Mar 24)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Michael Thomas (Mar 25)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Valdis Klētnieks (Mar 23)
- Re: OT: Re: Younger generations preferring social media(esque) interactions. Noah (Mar 24)