<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi,<br>
    </p>
    <div class="moz-cite-prefix">On 07.03.20 10:54, Robert Helling via
      subsurface wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:7F8F5BB2-CFCB-4C16-A871-6E583F0D2092@atdotde.de">
      <div style="word-wrap: break-word; -webkit-nbsp-mode: space;
        line-break: after-white-space;" class="">Dirk,<br class="">
        <div class=""><br class="">
          <blockquote type="cite" class="">
            <div class="">On 6. Mar 2020, at 23:52, Dirk Hohndel via
              subsurface &lt;<a
                href="mailto:subsurface@subsurface-divelog.org" class=""
                moz-do-not-send="true">subsurface@subsurface-divelog.org</a>&gt;
              wrote:</div>
            <br class="Apple-interchange-newline">
            <div class="">The biggest difference is, of course, that a
              simple 'reply' is no longer going to the author of the
              email that you are responding to, but to the whole
              list...</div>
          </blockquote>
        </div>
        <br class="">
        <div class="">hmm, I am not sure this is the only difference: In
          the apple mail reader for example, this thread now looks like </div>
        <div class=""><br class="">
        </div>
        <div class=""><img apple-inline="yes"
            id="327031F3-043B-4220-A149-F1AC91364B50" class=""
            src="cid:part2.78D839FE.3482056A@charno.ch" width="248"
            height="499"></div>
        <div class=""><br class="">
        </div>
        <div class="">That is, you cannot tell anymore who wrote that
          message (the xxx via subsurface &lt;<a
            href="mailto:subsurface@subsurface-divelog.org" class=""
            moz-do-not-send="true">subsurface@subsurface-divelog.org</a>&gt;
          appears above quotes, though), in particular since many people
          don’t sign their messages with their name. I think this is
          worse than people with misconfigured DMARC and DKIM not being
          able to post to the mailing list (note that the problem is on
          the sender side since those people have too strict rules when
          posting to mailing lists, not on the receivers’ end). <br>
        </div>
      </div>
    </blockquote>
    <p>Can you explain this a bit more? <br>
    </p>
    <p>I think that DKIM / DMARC does exactly what it should: preventing
      modification of mails with "MailFrom" from my domain on-the-fly.</p>
    <p>I also have SPF configured, which should in theory also lead to a
      reject when my domain is used as MailFrom. <br>
    </p>
    <p>With DMARC, if I understand correctly, the mail should only be
      treated as bogus when both of these mechanisms fail at once.
      This is the case when the subsurface-divelog.org list server
      modifies my mail (breaks DKIM) and sends it from its own server
      (breaks SPF) with MailFrom ~= *@charno.ch.</p>
    <p>I understand that this leads to problems with mailing lists, but
      on the other hand I would think that replacing the sender address
      by the mailing list software (like done now on
      subsurface-divelog.org) should be the right way to deal with this
      problem. Honestly, I'm more curious about why your mail client
      only displays the sender mail-address (but not always? The mail
      you directly received from Benjamin seems fine?) instead of the
      name in the MailFrom-Header.<br>
    </p>
    <p>I think that DMARC / DKIM / SPF are quite an important tool in
      the fight against mail spoofing, so I would hate to weaken or
      disable it.</p>
    <p>Can you give me some recommendation on how I should configure
      DMARC / DKIM / SPF without breaking spoof-safe mailing, but still
      working with mailing lists configured like subsurface was before?<br>
    </p>
    <blockquote type="cite"
      cite="mid:7F8F5BB2-CFCB-4C16-A871-6E583F0D2092@atdotde.de">
      <div style="word-wrap: break-word; -webkit-nbsp-mode: space;
        line-break: after-white-space;" class="">
        <div class=""><br class="">
        </div>
        <div class="">If you really want to rewrite from addresses,
          rather rewrite <a
            href="mailto:joe.dorfnuts@mysetupisbroken.com" class=""
            moz-do-not-send="true">joe.dorfnuts@mysetupisbroken.com</a>
          to <a href="mailto:joe@mysetupisbroken.com.invalid" class=""
            moz-do-not-send="true">joe@mysetupisbroken.com.invalid</a>-removeme</div>
        <div class=""><br class="">
        </div>
        <div class="">Best</div>
        <div class="">Robert</div>
      </div>
    </blockquote>
    Best regards<br>
    Christof<br>
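    <p>An added example, not part of the original message or of any
      mail software named in the thread: a small model of the DMARC
      decision for the mailing-list cases discussed above. The
      two-label organizational-domain rule and the use of
      lists.subsurface-divelog.org as the list's envelope domain are
      assumptions made for illustration.</p>

```python
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels.
    # Real DMARC implementations consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(a: str, b: str) -> bool:
    # Relaxed identifier alignment: organizational domains must match.
    return org_domain(a) == org_domain(b)


@dataclass
class Delivery:
    header_from: str            # domain of the From: header the reader sees
    envelope_from: str          # domain of the SMTP envelope sender (checked by SPF)
    spf_pass: bool              # sending host is authorised for envelope_from
    dkim_domain: Optional[str]  # d= of the DKIM signature, if any
    dkim_valid: bool            # signature still verifies at the receiver


def dmarc_pass(m: Delivery) -> bool:
    # DMARC passes when at least one mechanism passes AND is aligned with From:.
    spf_ok = m.spf_pass and aligned(m.envelope_from, m.header_from)
    dkim_ok = (m.dkim_valid and m.dkim_domain is not None
               and aligned(m.dkim_domain, m.header_from))
    return spf_ok or dkim_ok


def evaluate_scenarios() -> dict:
    author, lst = "charno.ch", "lists.subsurface-divelog.org"  # constructed sample values
    cases = {
        # Author's own server delivers directly.
        "direct": Delivery(author, author, True, author, True),
        # List relays the message byte-for-byte: SPF unaligned, DKIM survives.
        "list_unmodified": Delivery(author, lst, True, author, True),
        # List appends a footer: body hash changes, so DKIM breaks as well.
        "list_adds_footer": Delivery(author, lst, True, author, False),
        # List rewrites From: to its own domain ("xxx via subsurface").
        "list_rewrites_from": Delivery("subsurface-divelog.org", lst, True, author, False),
    }
    return {name: dmarc_pass(m) for name, m in cases.items()}


if __name__ == "__main__":
    for name, ok in evaluate_scenarios().items():
        print(f"{name:20s} DMARC {'pass' if ok else 'fail'}")
```

    <p>Only the footer-adding case fails: the list's envelope domain
      passes SPF but is not aligned with the author's From: domain, and
      the modified body invalidates the author's DKIM signature.</p>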
  </body>
</html>