=?utf-8?q?=5BPodman=5D?=(Meta) Security warnings for podman mailing list
by Joost Molenaar
Hi all, for ~every message posted to this list, some email clients
display an error, in my case "This email has failed its domain's
authentication requirements. It may be spoofed or improperly
forwarded."
These are the authentication results for a recent message from the
list:
Authentication-Results: mailin008.protonmail.ch; arc=none smtp.remote-ip=8.43.85.227
Authentication-Results: mailin008.protonmail.ch; dkim=none
Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io
Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com
If I understand correctly, Mailman has an option[1] to change the
From: header in the email and add the original sender's name and
address to the Reply-To: header, which leads to a slightly worse user
experience, but is better for security because it reduces the number
of false positives we get exposed to.
So my question is, could we enable DMARC mitigation to reduce
warning fatigue?
Regards,
Joost Molenaar
[1]: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers...
1 year, 10 months