Nobody is unsubscribed

Loïc Hoguin essen@REDACTED
Mon Nov 4 17:30:30 CET 2019


On 04/11/2019 13:44, Raimo Niskanen wrote:
> On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
>> For erlang.org itself there's two problems currently: no automatic
>> redirection from http to https;
> 
> That seems to be the industry standard now, but I would like content to be
> accessible without having to use https.

Redirection is generally not great because you get redirected every time 
you go through via http. There's HSTS that gets us one step further by 
telling browsers to remember they have to use HTTPS instead of HTTP, so 
the initial HTTP call isn't made.

> The redirect for http://erlang.org and https://erlang.org goes to
> $scheme://www.erlang.org, which redirects to https://www.erlang.org.
> 
> Unfortunately the redirects back from e.g https://www.erlang.org/doc
> change to http://erlang.org/doc because https for erlang.org did not work
> until 10 minutes ago.

And redirection tends to lead to these issues.

> Would it be sufficient to make those redirects from www.erlang.org to
> erlang.org not change from https to http?

You definitely shouldn't downgrade if possible. I am wondering however 
if you want to leave *browsers* able to access the site via plain HTTP, 
or clients in general (including things like curl for example). A policy 
like HSTS is only used by clients that understand it (so mostly 
browsers) so maybe this is what you want to set up. Browsers would always 
go through HTTPS; other clients would be able to use both HTTP and HTTPS.

Cheers,

> That, and the answer 20 lines down...?
> 
>>
>> And this:
>>
>> Your connection is not private
>> This server could not prove that it is erlang.org; its security
>> certificate is from www2.erlang.org. This may be caused by a
>> misconfiguration or an attacker intercepting your connection.
>>
>> NET::ERR_CERT_COMMON_NAME_INVALID
>> Subject: www2.erlang.org
>>
>> Issuer: DigiCert SHA2 Secure Server CA
>>
>> Expires on: Oct 22, 2021
>>
>> Current date: Nov 4, 2019
> 
> A new certificate is in place, so this should be fixed.
> 
> / Raimo
> 
> 
>>
>> Keep up the good work.
>>
>> On 04/11/2019 11:34, Raimo Niskanen wrote:
>>> On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
>>>> Speaking of servers and domains, when is HTTPS coming to erlang.org and its sub-domains?
>>>
>>> HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
>>> The recent web server upgrade enabled it for erlang.org as well;
>>> we are working on it...
>>>
>>> Best regards
>>> / Raimo
>>>
>>>
>>>>
>>>> Cheers,
>>>> Adam
>>>>
>>>>> On 2. Nov 2019, at 09:14, Raimo Niskanen <ratmapper@REDACTED> wrote:
>>>>>
>>>>> Yes it does. It applies to all mailing lists.
>>>>>
>>>>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
>>>>>
>>>>> Best regards
>>>>> / Raimo Niskanen
>>>>>
>>>>> On Sat, 2 Nov 2019 at 02:47, Richard O'Keefe <raoknz@REDACTED> wrote:
>>>>> Does this apply to the EEPS list as well?
>>>>>
>>>>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <joe@REDACTED> wrote:
>>>>>>
>>>>>> Thanks for doing all of this, regardless.
>>>>>>
>>>>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
>>>>>> way that doesn't break some client's "From:" field, subject line, or
>>>>>> "Reply:" button in some way, but this seems like the least bad option.
>>>>>>
>>>>>> I hope my emails make it through to the list now ^_^
>>>>>>
>>>>>> OT: Be careful of organisations' web contact forms which ask for your
>>>>>> email address. Sometimes their web servers generate an email from the
>>>>>> form using your email address as the "From:" address, which will break a
>>>>>> lot of DKIM/DMARC/SPF stuff.
>>>>>> I know of at least one local authority (council) website in the UK which
>>>>>> is guilty of this.
>>>>>>
>>>>>> - Joe
>>>>>>
>>>>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
>>>>>>> It is mainly "the big ones" that have been affected by stricter DMARC
>>>>>>> policies.
>>>>>>>
>>>>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
>>>>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
>>>>>>> versa). So the list gets a bounce and eventually blocks the Gmail
>>>>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
>>>>>>>
>>>>>>> So for some it has worked, some get an annoying list probe every now
>>>>>>> and then, some do not get many posts, but the final nail in the coffin
>>>>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
>>>>>>> policy and at the same time told us to get our act together and stop
>>>>>>> sending "unhygienic e-mail".
>>>>>>>
>>>>>>> All the best
>>>>>>> / Raimo
>>>>>>>
>>>>>>>
>>>>>>> On Fri, 25 Oct 2019 at 16:58, Chris Rempel <csrl@REDACTED
>>>>>>> <mailto:csrl@REDACTED>> wrote:
>>>>>>>
>>>>>>>       Not having the subject contain [erlang-questions] or some other
>>>>>>>       obvious indicator is quite unfortunate.  I guess many people were
>>>>>>>       affected by not being DMARC compliant?  It seems to have been
>>>>>>>       working just fine for quite some time... ie it "works for me" as it was.
>>>>>>>
>>>>>>>       That said, thanks for maintaining the list, and keeping it going.
>>>>>>>       It is a most useful resource.
>>>>>>>
>>>>>>>       Chris
>>>>>>>
>>>>>>>       *Sent:* Friday, October 25, 2019 at 7:38 AM
>>>>>>>       *From:* "Raimo Niskanen" <ratmapper@REDACTED
>>>>>>>       <mailto:ratmapper@REDACTED>>
>>>>>>>       *To:* erlang-questions@REDACTED <mailto:erlang-questions@REDACTED>
>>>>>>>       *Subject:* Re: Nobody is unsubscribed
>>>>>>>       To achieve DMARC compliance we have stopped changing the Subject:
>>>>>>>       field and no longer add the mailing list footer to the messages.
>>>>>>>
>>>>>>>       This is because From: Subject: and mail body among other fields are
>>>>>>>       often DKIM signed, so if we should change them we would not pass DKIM
>>>>>>>       signature check and thereby not be DMARC compliant.
>>>>>>>
>>>>>>>       Sorry for the inconvenience, we do not make the rules...
>>>>>>>       / Raimo Niskanen
>>>>>>>
>>>>>>>       On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <ratmapper@REDACTED
>>>>>>>       <mailto:ratmapper@REDACTED>> wrote:
>>>>>>>       >
>>>>>>>       > The reason we changed mailing list servers was to get better DMARC and
>>>>>>>       > DKIM compliance. This is a test post for us to inspect its headers...
>>>>>>>       > --
>>>>>>>       > Raimo Niskanen
>>>>>>>
>>>>>>
>>>>
>>>
>>
>> -- 
>> Loïc Hoguin
>> https://ninenines.eu
> 

-- 
Loïc Hoguin
https://ninenines.eu
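
The redirect behaviour discussed in this message, as an added example that is not part of the original post: a small auditor that walks a followed redirect chain and reports HTTPS-to-HTTP downgrades and missing or ineffective HSTS headers. The `BEFORE` chain is constructed from the hops described in the thread, and the `AFTER` chain with its `max-age` value is a hypothetical corrected setup.

```python
from urllib.parse import urlsplit

# Constructed sample: the hops described in the thread, not captured traffic.
BEFORE = [
    {"url": "https://www.erlang.org/doc",
     "headers": {"Location": "http://erlang.org/doc"}},
    {"url": "http://erlang.org/doc", "headers": {}},
]
# Hypothetical corrected setup; the max-age value is an assumption.
AFTER = [
    {"url": "https://www.erlang.org/doc",
     "headers": {"Location": "https://erlang.org/doc",
                 "Strict-Transport-Security": "max-age=31536000"}},
    {"url": "https://erlang.org/doc",
     "headers": {"Strict-Transport-Security": "max-age=31536000"}},
]

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy if policy["max_age"] is not None else None

def audit(chain):
    """Return (finding, url, detail) tuples for one followed redirect chain."""
    findings = []
    for hop, nxt in zip(chain, chain[1:] + [None]):
        scheme = urlsplit(hop["url"]).scheme
        headers = {k.lower(): v for k, v in hop["headers"].items()}
        if nxt and scheme == "https" and urlsplit(nxt["url"]).scheme == "http":
            findings.append(("downgrade", hop["url"], nxt["url"]))
        policy = parse_hsts(headers.get("strict-transport-security", ""))
        if scheme == "http" and policy:
            # Browsers ignore HSTS received over plain HTTP.
            findings.append(("hsts-over-http-ignored", hop["url"], None))
        elif scheme == "https" and not (policy and policy["max_age"] > 0):
            findings.append(("no-hsts", hop["url"], None))
    return findings

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```

Non-browser clients such as curl never consult the HSTS policy, so a clean `AFTER` audit still leaves plain HTTP usable for them, which is the split described above.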
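
The DKIM point made in the quoted history (a list that tags the Subject: or appends a footer invalidates the sender's signature), as an added example that is not part of the original thread. It implements RFC 6376 "relaxed" canonicalization for body and headers; the header digest is a simplification that hashes only the signed header fields and leaves out the DKIM-Signature field and the RSA step. The sample message, sender address and footer text are constructed.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()                       # trailing empty lines are ignored
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a verifier recomputes and compares with the signature's bh= tag."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()

def relaxed_header(name: str, value: str) -> str:
    value = re.sub(r"\r\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")  # collapse whitespace
    return name.strip().lower() + ":" + value + "\r\n"

def header_digest(headers: dict, signed: list) -> str:
    """Simplified: SHA-256 over the signed header fields only."""
    data = "".join(relaxed_header(n, headers[n]) for n in signed)
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed sample message and list footer (not taken from real mail).
HEADERS = {"From": "Alice <alice@example.org>",
           "Subject": "Nobody is unsubscribed"}
BODY = b"Test post.\r\n"
SIGNED = ["From", "Subject"]
FOOTER = b"_______________\r\nerlang-questions mailing list\r\n"

def list_rewrite(headers, body, tag="[erlang-questions] "):
    """What the old list setup did: tag the subject, append a footer."""
    return dict(headers, Subject=tag + headers["Subject"]), body + FOOTER

def survives(headers, body, new_headers, new_body):
    """True per part if the sender's DKIM hashes still match after relaying."""
    return {"body": body_hash(body) == body_hash(new_body),
            "headers": header_digest(headers, SIGNED)
                       == header_digest(new_headers, SIGNED)}

if __name__ == "__main__":
    print(survives(HEADERS, BODY, *list_rewrite(HEADERS, BODY)))
```

Whitespace-only changes in transit are tolerated by relaxed canonicalization, but the subject tag and the footer are content changes, so both hashes fail to match.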



More information about the erlang-questions mailing list