[Koha-bugs] [Bug 34927] New: Adding DMARC compatibility to mailing lists

Tue Sep 26 22:55:24 CEST 2023

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34927

            Bug ID: 34927
           Summary: Adding DMARC compatibility to mailing lists
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Websites, Mailing Lists, etc
          Assignee: wizzyrea at gmail.com
          Reporter: td-koha-bugs at agogme.com
        QA Contact: testopia at bugs.koha-community.org

The issue of DMARC support for mailing lists is under consideration again
after languishing for a while for time limitation as a recurring topic in
Koha IRC development meetings now with Jitsi.

There is an interest in knowing the availability and willingness of people
who administer the mailing lists to support DMARC compatibility when
sending messages from the mailing list to subscribers.

Email is still not designed for significant authentication which leads
some mailing list subscribers with email addresses on DMARC compliant
systems to not receive email from Koha lists.  The issue has been raised
on the Koha mailing list and a vote has been pending about implementing
DMARC for sending messages on the mailing lists.  See
https://lists.katipo.co.nz/pipermail/koha/2023-February/059036.html .

The issue is about how mailing list messages are sent with the mailing
list address authenticated and avoid having the mailing list server
impersonate the author of the mailing list email message.  No one is
suggesting blocking mailing list subscribers who do not use DMARC which
could be a substantial minority and is unrelated to the problem of mailing
list impersonation of the message author.  Mailing list impersonation of the
message author is what is what mailing lists generally do by default when
sending messages and is the problem for DMARC.

The easiest way to obtain DMARC compatibility for Mailman 2 or 3 without
the risk of breaking the message body for email clients is munging the
from header, https://wiki.list.org/DEV/DMARC .

MIME wrapping may be more elegant but seems only suitable for a company
mailing list which users only read with a company supplied email client.
In checking for actual implementations in the world, I did not find anyone
reporting the choice of MIME wrapping.  Having the message appear as only
an attachment with an empty message body in an email client would not be
good.  Some major webmail provider might have avoided the problem but then
break it for everyone for months without a care because it is too small a
use case for their attention testing in addition to the issue that the
webmail client is merely a gateway for many people.

Using forum software as an alternative has been disfavoured by a few
people commenting on the mailing list.  If people would want forum
software, Hyperkitty is part of Mailman 3 and better suited to mailing
list compatibility than Discourse or other forum software.  See
https://lists.katipo.co.nz/pipermail/koha/2023-April/059289.html .

-- 
You are receiving this mail because:
You are watching all bug changes.