[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OFF TOPIC: Mail going into Trash/Spam
[Thread Prev] | [Thread Next]
- Subject: Re: OFF TOPIC: Mail going into Trash/Spam
- From: Christof Thalhofer <chrisml@xxxxxxxxxxx>
- Date: Fri, 24 Jan 2025 08:01:55 +0100
- To: user@xxxxxxxxxxxxxxxxxxxxxx
Am 23.01.25 um 21:52 schrieb gbWilly:
As far as I can tell from the EMLs you've provided, the <gbWilly@xxxxxxxxxxxxxx> address is being utilized to send the emails in question, but you're using a third-party platform - likely HostSharing - to do so. Since we do not authorize HostSharing to send emails on behalf of our domains (e.g. protonmail.com as above), their messages will fail SPF, DKIM, and, by extension. DMARC.
This is wrong. The sender of the mail is protonmail.com!It creates the DKIM signature and sends the mail to the mail server of 'user@xxxxxxxxxxxxxxxxxxxxxx' in this case 'mailin3.hostsharing.net'.
The error made by protonmail is to include the content of the “List-Unsubscribe:List-Unsubscribe-Post;” headers (which do not exist at the time of sending) with a null value in their DKIM signature. Here is an excerpt from the sources of the mail:
---------------------------------------------------
Received: from mail-43167.protonmail.ch (mail-43167.protonmail.ch [185.70.43.167]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mailin3.hostsharing.net (Postfix) with ESMTPS id E915E92379 for <user@xxxxxxxxxxxxxxxxxxxxxx>; Sun, 22 Dec 2024 16:24:15 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1734881054; x=1735140254; bh=vayFmlkYuh0mSTeLfyZjahqUSOklaweIlUmtKy1Hjfw=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=I+I+OkslftGfE5F7DXJAk85n/NBmP/qxCem6C2OVesHKPJmW7A4nU0izKEfwtiUxn DyNnopay8w3AxCa7HfJWihU72tn836hXkWWTFTJLZIF13ujrl6M12AXLggQIHO7w6S QRG0Z/TZwFwIHzLt+yUpJittwIBKgtvNBum7UJZD8QB2Dc6ZjzXrwdU+DUaHdrkS1l zjoOKYnRYz7+NtjK4WTMhx/N8GYn0cWLVMzIKeQ3bP9WJHT80KnSjCVJf+9SujQ2Dv eo0w+rkgagjExDWpxqtnyF3QaF57iVuV0dj3hxRb25lvuvHPPB/8zIL3ge9Wc4u/E4 TkfSfqu5zfRWw==
---------------------------------------------------You can see that 'mail-43167.protonmail.ch' sends it and the creator of the DKIM signature is protonmail.com ('d=protonmail.com').
If you look at the content of the "h-" variable in the DKIM-Signature you can see the names of the headers used to create the DKIM signature. there you find 'List-Unsubscribe:List-Unsubscribe-Post'.
The Protonmail support further writes:
However, in doing so, SPF authentication is automatically broken and since the mailing list platform seems to edit the content (or the headers) of the message substantially, the DKIM signature is also broken.
This is incorrect. The mailing list program at Hostsharing keeps *all headers important for the standard DKIM signature as well as the body of the mail untouched*. It only adds list-specific header fields. This is the correct behavior of a mailing list according to:
https://datatracker.ietf.org/doc/html/rfc6377#section-2.4 Here is what the RFC says:
List-specific header fields: Some lists will add header fields
specific to list administrative functions such as those defined in
[LIST-ID] and [LIST-URLS] or the "Resent-" fields defined in
[MAIL]. It is unlikely that a typical MUA would include such
fields in an original message, and DKIM is resilient to the
addition of header fields in general (see notes about the "h=" tag
in Section 3.5 of [DKIM]). Therefore, this is not seen as a
concern.
Since Protonmail previously added the list-specific header fields 'List-Unsubscribe:List-Unsubscribe-Post' with a null value to create their DKIM signature, and our mailing list program correctly adds the 'List-Unsubscribe' header with a non-null value among other administrative headers, the DKIM signature must break.
One solution is that Protonmails stops the incorrect use of the 'List-Unsubscribe:List-Unsubscribe-Post' headers for the creation of their DKIM signature.
The other solution is to use a provider that does not (un)intentionally break mailing lists.
Alles Gute Christof Thalhofer -- Dies ist keine Signatur
| Re: OFF TOPIC: Mail going into Trash/Spam | Christof Thalhofer <chrisml@xxxxxxxxxxx> |
| OFF TOPIC: Mail going into Trash/Spam | gbWilly <gbWilly@xxxxxxxxxxxxxx> |
| Re: OFF TOPIC: Mail going into Trash/Spam | Christof Thalhofer <chrisml@xxxxxxxxxxx> |
| Re: OFF TOPIC: Mail going into Trash/Spam | gbWilly <gbWilly@xxxxxxxxxxxxxx> |
| Re: OFF TOPIC: Mail going into Trash/Spam | T Lee Davidson <t.lee.davidson@xxxxxxxxx> |
| Re: OFF TOPIC: Mail going into Trash/Spam | gbWilly <gbWilly@xxxxxxxxxxxxxx> |