[TriLUG] mails from list are coming with warning on gmail
Alexey Toptygin
alexeyt at freeshell.org
Sat Sep 17 15:21:46 EDT 2011
On Sat, 17 Sep 2011, Tapas Mishra wrote:
> On Fri, Sep 16, 2011 at 7:42 PM, Alexey Toptygin <alexeyt at freeshell.org> wrote:
>>
>> Gmail signed Jared Norris' mail with DKIM when he sent it; the mailing list
>> modified the headers (and maybe the body too); gmail got the message from
>> the mailing list, tried to verify the DKIM signature and verification
>> failed. Since it's modifying messages, the mailing list software on
>> ubuntu.com should be configured to strip DKIM signature headers, and maybe
>> to add their own signature.
>>
>
> Some additional input.I came to know via various other users
> that this problem is occuring in each mail that comes via some mailing
> list to gmail inboxes and this seems to be recent problem.
>
> It is not a problem with *@lists.ubuntu.com
> In my inbox when I am getting mails from various other mailing lists
> all the mails I get are marked as phishing attempts.
> This is the case with other gmail users also.
Just because the problem is not limited to *@lists.ubuntu.com does not
mean that the problem is not at lists.ubuntu.com :-) The facts remain:
1) Gmail (and yahoo, and AOL, and other senders) is signing messages with DKIM
2) Mailing list software @lists.ubuntu.com (and probably many other
places) modifies headers and/or bodies but does not strip or replace DKIM
signatures
3) Gmail marks mail that has a broken DKIM signature as a phishing attempt
#2 has been that way forever
#1 has been that way for 2 or more years
#3 probably changed most recently
DKIM is a recent standard and gmail is one of the early adopters, so this
sort of growing pain is not unexpected. Mailing list managers will need to
learn about DKIM and deal with it appropriately...
Alexey
More information about the TriLUG
mailing list