Date   

moderated Re: Evaluating turning on DMARC #update

Konstantin Ryabitsev
 

On Thu, Sep 16, 2021 at 08:30:41AM -0700, Shal Farley wrote:
- don't modify signed headers (Subject, for example)
- don't modify the message body (e.g. don't append "Groups.io Links")

That's all it takes.
Understood. But that is a very big "all".

It would largely defeat the "group" concept, turning Groups.io into a mere
mail reflector.
So, give folks an option:

1. accept rewritten From: that will throw away original headers (and use ARC,
if that's the way you want to go); a lot of people don't care about
From: anyway, unless they are doing very specific things
2. preserve all original headers and message body and fullfill DMARC
policies of the original sender; most people wouldn't care for that, except
some people who really, REALLY care

This can easily be a per-list setting.

-K


moderated Re: Evaluating turning on DMARC #update

 

Hi Shal,

On Wed, Sep 15, 2021 at 10:51 PM Shal Farley <shals2nd@...> wrote:

This will work for those posters/recipients subject to DMARC rewriting,
Digests, Summaries, and notices. But are those major contributors to the
problem? GMF had a spate of reports a while ago of people mystified by
misdirected group messages, and that seemed to revolve predominantly
around AOL. Is that where this is aimed?

Yes, exactly. The spammer(s) uses AOL, Hotmail and Outlook accounts, all of which we re-write the From lines.

 
Normal group messages, where the header From has the posting member's
domain not Groups.io's, will fail DMARC regardless of Groups.io's
settings. Unless I've missed something. That's the case where we're
Waiting for Godot. Er, I mean ARC.


My understanding is that ARC is not yet adopted in any meaningful way.

 

The only concern that comes to mind is that this could be another step
down a path that leads to rewriting all From headers. I'd really rather
not see that outcome.


Agreed, I don't want that either.

Thanks,
Mark 


moderated Re: Evaluating turning on DMARC #update

 

Chris,


OTOH that might be the lesser of two evils...

Says the guy whose From address is already being rewritten. ;-)

But your example does serve to show that Ken's concern about identifying the author has been suitably mitigated by the way Groups.io rewrites the From address (as opposed to the way Yahoo Groups botched the rewrite).

Still, the downstream impacts ("collateral damage") of From rewriting are such that I'd prefer to eliminate the need altogether. Which is what the proposed ARC mechanism is supposed to do, but I'm not sure where that is in terms of adoption by mailbox providers.

Shal


moderated Re: Evaluating turning on DMARC #update

 

K,
- don't modify signed headers (Subject, for example)
- don't modify the message body (e.g. don't append "Groups.io Links")

That's all it takes.

Understood. But that is a very big "all".

It would largely defeat the "group" concept, turning Groups.io into a mere mail reflector.
> The only concern that comes to mind is that this could be another step down
> a path that leads to rewriting all From headers. I'd really rather not see
> that outcome.

Setting a DMARC record for groups.io won't impact these messages anyway.

Which messages are you referring to?

A DMARC record for groups.io will definitely apply to messages that have had their From rewritten into the groups.io domain. It wouldn't impact those that have not been rewritten (such as yours and mine), but that was the point I was making.

Shal


moderated Re: Evaluating turning on DMARC #update

Chris Jones
 

On Thu, Sep 16, 2021 at 04:24 PM, Ken Schweizer wrote:
I too would not like to see that as it appears that those using their e-mail would have more difficulty determining who the author of the message is.
OTOH that might be the lesser of two evils...

Chris


moderated Re: Evaluating turning on DMARC #update

Ken Schweizer
 

If as Shall suggested "that this could be another step down a path that leads to rewriting all From headers" I too would not like to see that as it appears that those using their e-mail would have more difficulty determining who the author of the message is.

Ken S


moderated Re: Evaluating turning on DMARC #update

Konstantin Ryabitsev
 

On Wed, Sep 15, 2021 at 10:50:59PM -0700, Shal Farley wrote:
Normal group messages, where the header From has the posting member's domain
not Groups.io's, will fail DMARC regardless of Groups.io's settings. Unless
I've missed something. That's the case where we're Waiting for Godot. Er, I
mean ARC.
For the record, it would be easy for groups.io to provide an option to be
DMARC-compliant, at least for DKIM-signed messages:

- don't modify signed headers (Subject, for example)
- don't modify the message body (e.g. don't append "Groups.io Links")

That's all it takes.

If you have any specific objections to turning on DMARC, please let me
know.
The only concern that comes to mind is that this could be another step down
a path that leads to rewriting all From headers. I'd really rather not see
that outcome.
Setting a DMARC record for groups.io won't impact these messages anyway.

-K


moderated Record Moderator activity regarding banning domains in the Activity Log #suggestion

Andy Wedge
 

Hi Mark,

I noticed that adding or removing domains to/from the banned list is not recorded in the Activity Log. Can we do that?

Thanks
Andy


moderated Re: Evaluating turning on DMARC #update

 

Mark,

malicious forwarding of list messages to people not subscribed to the
lists. ... I have just added a DMARC record with p=none for the
groups.io domain ...
This will work for those posters/recipients subject to DMARC rewriting, Digests, Summaries, and notices. But are those major contributors to the problem? GMF had a spate of reports a while ago of people mystified by misdirected group messages, and that seemed to revolve predominantly around AOL. Is that where this is aimed?

Normal group messages, where the header From has the posting member's domain not Groups.io's, will fail DMARC regardless of Groups.io's settings. Unless I've missed something. That's the case where we're Waiting for Godot. Er, I mean ARC.

If you have any specific objections to turning on DMARC, please let me
know.
The only concern that comes to mind is that this could be another step down a path that leads to rewriting all From headers. I'd really rather not see that outcome.

Shal


moderated Evaluating turning on DMARC #update

 

Hi All,

You can ignore this if you don't know what DMARC is...

We continue to get instances of malicious forwarding of list messages to people not subscribed to the lists. I don't know why this is happening, but it's an issue. I have just added a DMARC record with p=none for the groups.io domain (and not yet to any of the enterprise domains we serve), so that I can get reports of how DMARC might affect deliverability. I'm not a fan of DMARC, but it was designed specifically to prevent the problem we're having now.

If you have any specific objections to turning on DMARC, please let me know.

Thanks,
Mark


moderated Count mod-edited approval as an approved message #suggestion

 

I have a new group member whose first message was approved, but only after some editing by me (in conjunction with offlist consultation with her, to improve clarity). We have NMM set to 3. I was about to unmoderate her this morning when I noticed that she still has her NMM requirement set to 3, as if she'd never had a message approved. Is that because her first message, although approved, was first edited by a moderator? Does mod-edited approval not count as approval? This feels slightly "off." I think approval should count as approval, no matter what. Could this be unintended and a bug?
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Search function in Photos doesn't indicate album names #suggestion

 

On Tue, Sep 14, 2021 at 06:31 PM, Mark Fletcher wrote:
Photo search results now contain the album name as well. Please let me know if you have suggestions for formatting improvements.
Thanks Mark, it's very helpful.

If you wanted to sorta replicate the usage of the file type icons used in the Files search, you could add a type qualifier and reformat the text in two lines like this:

Album: xyz
Photo:123[.jpg]

That should make it 100% unambiguous as Photos allows one to name an image without extension.

Cheers,
Christos


moderated Re: Search function in Photos doesn't indicate album names #suggestion

 

On Sat, Aug 28, 2021 at 1:59 PM Christos Psarras <christos@...> wrote:

My suggestion is to add the album name under the thumbnail's clickable photo filename (or over or thereabouts), as that should be (hopefully) very little work, and should help tell to the user which album they are going to, or which album this photo belongs to, plus also give the indication the album name matched the search term.

Photo search results now contain the album name as well. Please let me know if you have suggestions for formatting improvements.

Thanks,
Mark 


moderated Re: Member unable to close a poll #bug

Andy Wedge
 

On Tue, Sep 14, 2021 at 08:55 PM, Duane wrote:
If someone has questions and/or suggestions, they have to start a new topic,
Agreed. If members are allowed to reply to a poll message there will be instances of them trying to email poll responses rather than responding online.

Andy


moderated Re: Duplicate log entries for approving pending messages #bug

 

On Tue, Sep 14, 2021 at 2:25 PM Duane <txpigeon@...> wrote:
On Tue, Sep 14, 2021 at 03:20 PM, Mark Fletcher wrote:
We no longer generate the `claim pending message` activity log
I'm not sure, but I think this has created another problem.  When reading a pending message, the Approve button doesn't work.  If I go back and select the check box for that message, I can Approve it.

Oops. Should be fixed now.

Thanks,
Mark 


moderated Re: Duplicate log entries for approving pending messages #bug

Duane
 

On Tue, Sep 14, 2021 at 03:20 PM, Mark Fletcher wrote:
We no longer generate the `claim pending message` activity log
I'm not sure, but I think this has created another problem.  When reading a pending message, the Approve button doesn't work.  If I go back and select the check box for that message, I can Approve it.

Thanks,
Duane


moderated Re: Include subscription settings badges on membersubgroups page #suggestion

 

On Tue, Aug 31, 2021 at 9:45 AM Andy Wedge <andy_wedge@...> wrote:

on the main group member list it shows subscription settings badges next to the delivery type for Following and Attachment Size limits etc.  If you open a membership record and then go to the Subgroups page, it lists the subgroups that a member belongs to and the basic delivery type but not the additional badges and you have to open the member's subscription setting for the subgroup to view the details (or go to the member list for each subgroup).  Can we get the badges added to the membersubgroups page please?

Done.

Cheers,
Mark 


moderated Re: Duplicate log entries for approving pending messages #bug

 

Hi All,

We no longer generate the `claim pending message` activity log entry except when editing a pending message or undoing an edit to a pending message.

Thanks,
Mark


moderated Re: Locked topic icon not always shown on Polls view #bug

 

On Sun, Sep 12, 2021 at 7:21 AM Andy Wedge <andy_wedge@...> wrote:

in my testing subgroup, I noticed that the locked topic icon is not always displayed for polls on the polls page. When viewing by topic I see this:


On the Polls page, that icon is indicating when a poll is closed. On the Topics page, the icon indicates when a Topic is locked.

I've changed the icon on the Polls page to be an X, with the screen reader word of 'closed'. 

Thanks,
Mark 


moderated Re: Member unable to close a poll #bug

Andy Wedge
 

Hi Mark

On Tue, Sep 14, 2021 at 08:29 PM, Mark Fletcher wrote:
What if we do something different? What if there would be a new option on a poll, to not allow discussion? And then I'd change the locked topic behavior so that no changes to the poll, including new responses, could be made. This way, locking a poll topic behaves more like locking a 'normal' topic.
 
I'm not sure what discussion would take place for a poll. Surely the only responses needed are to select the answer options available so it would seem reasonable to just stop all responses by email to a poll which is the reason we currently lock it.

Regards
Andy

701 - 720 of 30697