sympa-community / sympa

Sympa, Mailing List Management Software
https://www.sympa.community/sympa
GNU General Public License v2.0

DMARC protection quoting problem #623

Open dpc22 opened 5 years ago

dpc22 commented 5 years ago

Version

6.2.42

Installation method

rpms from http://sympa-ja.org/download/rhel/ installed on RHEL 7.

Also installed from source on my Ubuntu workstation to confirm the issue.

Expected behavior

If I enable DMARC protection:

New From name format (phrase)

with the replacement From header set to be:

"Name" (via List) (name_via_list)

the output is of the form:

From: "David Carter" (via test-dpc22 Mailing List) <test-dpc22@XXX.csi.cam.ac.uk>

I would expect this text to be displayed in my mail client.

Actual behavior

Various mail clients (at least Roundcube and PINE, which are the two that I commonly use) display:

From: David Carter <test-dpc22@XXX.csi.cam.ac.uk>

cutting out the "(via test-dpc22 Mailing List) " part of the text entirely. Presumably they focus in on the quoted part of the string.

Clearly not Sympa's fault, but the following From: header might work better:

From: "David Carter (via test-dpc22 Mailing List)" <test-dpc22@XXX.csi.cam.ac.uk>

Other information

Issue #289 appears to be a variation of the same problem.

racke commented 5 years ago

I also think that (via test-dpc22 Mailing List) belongs inside the quotes.

ldidry commented 5 years ago

This has been discussed in February on the sympa-developpers ML: https://listes.renater.fr/sympa/arc/sympa-developpers/2019-02/msg00005.html (see those responses: https://listes.renater.fr/sympa/arc/sympa-developpers/2019-02/msg00006.html and https://listes.renater.fr/sympa/arc/sympa-developpers/2019-02/msg00007.html)

racke commented 5 years ago

Just added my two cents to the ML thread.

ikedas commented 5 years ago

Also, you would be better to consider using ARC. See: https://sympa-community.github.io/manual/customize/dkim-arc.html

jundaigrind commented 7 months ago

Hi there, as a possible intermediate solution, maybe to include new "phrase" formats. Expanding the dmarc_protection.phrase formats options.

Option 1: "Name" field would be replaced by the e-mail field, resulting in "mail";

Option 2: "Name" includes "mail", resulting in "Name <mail>";

Option 3: "Name" includes "mail", resulting in "Name via mail";

Examples:

John Tech sending a message to listname over listserver.org.

John Tech address: john.tech@example.org

List address: listname@listserver.org

Result 1: From: "john.tech@example.org" (comments) <listname@listserver.org>

Result 2: From: "John Tech <john.tech@example.org>" (comments) <listname@listserver.org>

Result 3: From: "John Tech via john.tech@example.org" (comments) <listname@listserver.org>

Let me know if this breaks any RFC or known best practices.

Regards!

ikedas commented 7 months ago

Just a thought,

Introducing the template to rewrite the From field would, although not a radical solution, bring an end to the endless suggestions for new phrase formats.

For example,

# "Name" (via List)
dmarc_protection.phrase name_via_list

would be

dmarc_protection.display_name [%user.gecos%]
dmarc_protection.comment via [%list.name%]

And

# "Name" (e-mail)
dmarc_protection.phrase name_and_email

would be

dmarc_protection.display_name [%user.gecos%]
dmarc_protection.comment [%user.email%]

jlsnt commented 5 months ago

Hi, Yes, it would be nice going this way. Everyone would be able to customize at will. (for instance, I'd love to get rid of the "Mailing List" hardcoded words when using the current name_via_list option) Thank you.

kindsteven commented 5 months ago

Hello, I upvote allowing more flexibility in the composition of the dmarc_protection.phrase.

We have the problem that any setting which includes the original e-mail with "@" and "." characters in the new display name triggers antispam systems at some recipients (for example Microsoft Office 365) because it is considered obsolete by RFC 5322 and prone to be abused by spammers.

On the other hand, many clients (for example the Zimbra web GUI) simply discard the comments inside "(" ")" brackets and show only the display name part, which is enclosed in double quotes. Because of this, the current display_name, list_for_name, name_via_list settings may result in the mail client displaying an address book contact which either binds the posting-user name to the mailing list address or doesn't show any info about who posted the message to the list. Thank you.
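An added example, not part of the thread and not Sympa code: a simplified scanner that splits a rewritten From value into phrase, comments and address, to check a candidate format against the two effects reported above (comment text that a comment-dropping MUA never shows, and a display name carrying an address other than the real one). It assumes the name-addr form with angle brackets; `split_from`, `audit` and the warning labels are hypothetical names.

```python
import re
ADDR_RE = re.compile(r'[^\s<>()"@]+@[^\s<>()"@]+\.[^\s<>()"@]+')

def split_from(value):
    """Simplified RFC 5322 scan -> (display_name, comments, addr_spec)."""
    phrase, comments, addr, i, n = [], [], "", 0, len(value)
    while i < n:
        ch = value[i]
        if ch == '"':                          # quoted-string joins the phrase
            buf, i = [], i + 1
            while i < n and value[i] != '"':
                if value[i] == "\\" and i + 1 < n:
                    i += 1                     # keep the escaped character
                buf.append(value[i])
                i += 1
            phrase.append("".join(buf))
            i += 1
        elif ch == "(":                        # comment, may nest
            depth, start, i = 1, i + 1, i + 1
            while i < n and depth:
                if value[i] == "\\":
                    i += 1                     # skip the escaped character
                elif value[i] in "()":
                    depth += 1 if value[i] == "(" else -1
                i += 1
            comments.append(value[start:i - 1 if depth == 0 else n])
        elif ch == "<":                        # angle-addr
            addr, _, _ = value[i + 1:].partition(">")
            i += len(addr) + 2
        elif ch.isspace():
            i += 1
        else:                                  # bare atom
            m = re.match(r'[^\s"(<]+', value[i:])
            phrase.append(m.group())
            i += m.end()
    return " ".join(phrase), comments, addr

def audit(value):
    """Return (name a comment-dropping MUA displays, warnings)."""
    name, comments, addr = split_from(value)
    warnings = ["comment-may-be-hidden"] if comments else []
    if any(a.lower() != addr.lower() for a in ADDR_RE.findall(name)):
        warnings.append("foreign-address-in-display-name")
    return name, warnings

# From values quoted in the thread, with the angle brackets used on the wire
VIA_IN_COMMENT = '"David Carter" (via test-dpc22 Mailing List) <test-dpc22@XXX.csi.cam.ac.uk>'
VIA_IN_QUOTES = '"David Carter (via test-dpc22 Mailing List)" <test-dpc22@XXX.csi.cam.ac.uk>'
ADDR_IN_NAME = '"John Tech via john.tech@example.org" (comments) <listname@listserver.org>'
for sample in (VIA_IN_COMMENT, VIA_IN_QUOTES, ADDR_IN_NAME):
    print(audit(sample))
```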

ikedas commented 5 months ago

@kindsteven ,

All of the behaviors you noted could be caused by legitimate MUAs. In other words, Sympa's DMARC protection mechanism, no matter how it is improved, could confuse MUAs and users, and is therefore not a final solution.

The best workaround in the current situation where ARC sender authentication is not fully effective would be enabling DKIM signing and ARC sealing (and of course SPF also!) while minimizing the scope of DMARC protection (such as dmarc_protection.mode dmarc_reject).

By the way, we welcome the submission of PRs to implement the suggestions put forth in this Issue.😄