Nobody is unsubscribed

Raimo Niskanen raimo+erlang-questions@REDACTED
Tue Nov 5 16:46:49 CET 2019


Certificates are now in place, and redirects are "working", so if you go to
http://erlang.org you end up at https://www.erlang.org/.

Remains that many links back from https://www.erlang.org to erlang.org
downgrade to http:.

We have not (yet) implemented HTTP Strict Transport Security (HSTS)
on erlang.org or any of its subdomains.

Will that be frowned upon?

If not I think we ore done for now (apart from hunting down all bad links
mentioned above).

Thank you for your feedback!
/ Raimo Niskanen


On Mon, Nov 04, 2019 at 11:53:16AM +0100, Loïc Hoguin wrote:
> For erlang.org itself there's two problems currently: no automatic 
> redirection from http to https;
> 
> And this:
> 
> Your connection is not private
> This server could not prove that it is erlang.org; its security 
> certificate is from www2.erlang.org. This may be caused by a 
> misconfiguration or an attacker intercepting your connection.
> 
> NET::ERR_CERT_COMMON_NAME_INVALID
> Subject: www2.erlang.org
> 
> Issuer: DigiCert SHA2 Secure Server CA
> 
> Expires on: Oct 22, 2021
> 
> Current date: Nov 4, 2019
> 
> Keep up the good work.
> 
> On 04/11/2019 11:34, Raimo Niskanen wrote:
> > On Mon, Nov 04, 2019 at 10:47:03AM +0100, Adam Lindberg wrote:
> >> Speaking of servers and domains, when is HTTPS coming to erlang.org and it’s sub-domains?
> > 
> > HTTPS has been active for www.erlang.org and bugs.erlang.org for years.
> > The recent web server upgrade enabled it for erlang.org as well;
> > we are working on it...
> > 
> > Best regards
> > / Raimo
> > 
> > 
> >>
> >> Cheers,
> >> Adam
> >>
> >>> On 2. Nov 2019, at 09:14, Raimo Niskanen <ratmapper@REDACTED> wrote:
> >>>
> >>> Yes it does. It applies to all mailing lists.
> >>>
> >>> Ericsson has got its eyes on mailing lists at erlang.org since it owns the domain.
> >>>
> >>> Best regards
> >>> / Raimo Niskanen
> >>>
> >>> Den lör 2 nov. 2019 02:47Richard O'Keefe <raoknz@REDACTED> skrev:
> >>> Does this apply to the EEPS list as well?
> >>>
> >>> On Sat, 2 Nov 2019 at 04:25, Joe Harrison <joe@REDACTED> wrote:
> >>>>
> >>>> Thanks for doing all of this, regardless.
> >>>>
> >>>> There's no perfect way to do mailing lists in a DMARC/DKIM/SPF compliant
> >>>> way that doesn't break some client's "From:" field, subject line, or
> >>>> "Reply:" button in some way, but this seems like the least bad option.
> >>>>
> >>>> I hope my emails make it through to the list now ^_^
> >>>>
> >>>> OT: Be careful of organisations' web contact forms which ask for your
> >>>> email address. Sometimes their web servers generate an email from the
> >>>> form using your email address as the "From:" address, which will break a
> >>>> lot of DKIM/DMARC/SPF stuff.
> >>>> I know of at least one local authority (council) website in the UK which
> >>>> is guilty of this.
> >>>>
> >>>> - Joe
> >>>>
> >>>> On 26/10/2019 07:57, Raimo Niskanen wrote:
> >>>>> It is mainly "the big ones" that have been affected by stricter DMARC
> >>>>> policies.
> >>>>>
> >>>>> When a subscriber sending from e.g Yahoo gets received by Gmail then
> >>>>> Gmail rejects that message since Yahoo's DMARC policy says so (also vice
> >>>>> versa). So the list gets a bounce and eventually blocks the Gmail
> >>>>> subscriber, if enough in a row happens to send with strict DMARC policies.
> >>>>>
> >>>>> So for some it has worked, some gets an annoying list probe every now
> >>>>> and then, some do not get many posts, but the final nail in the coffin
> >>>>> was Ericsson (Erlang/OTP's home corporation) that tightened its DMARC
> >>>>> policy and at the same time told us to get our act together and stop
> >>>>> sending "unhygienic e-mail".
> >>>>>
> >>>>> All the best
> >>>>> / Raimo
> >>>>>
> >>>>>
> >>>>> Den fre 25 okt. 2019 16:58Chris Rempel <csrl@REDACTED
> >>>>> <mailto:csrl@REDACTED>> skrev:
> >>>>>
> >>>>>      Not having the subject contain [erlang-questions] or some other
> >>>>>      obvious indicator is quite unfortunate.  I guess many people were
> >>>>>      affected by not being DMARC compliant?  It seems to have been
> >>>>>      working just fine for quite some time... ie it "works for me" as it was.
> >>>>>
> >>>>>      That said, thanks for maintaining the list, and keeping it going.
> >>>>>      It is a most useful resource.
> >>>>>
> >>>>>      Chris
> >>>>>
> >>>>>      *Sent:* Friday, October 25, 2019 at 7:38 AM
> >>>>>      *From:* "Raimo Niskanen" <ratmapper@REDACTED
> >>>>>      <mailto:ratmapper@REDACTED>>
> >>>>>      *To:* erlang-questions@REDACTED <mailto:erlang-questions@REDACTED>
> >>>>>      *Subject:* Re: Nobody is unsubscribed
> >>>>>      To achieve DMARC compliance we have stopped changing the Subject:
> >>>>>      field and no longer add the mailing list footer to the messages.
> >>>>>
> >>>>>      This is because From: Subject: and mail body among other fields are
> >>>>>      often DKIM signed, so if we should change them we would not pass DKIM
> >>>>>      signature check and thereby not be DMARC compliant.
> >>>>>
> >>>>>      Sorry for the inconvenience, we do not make the rules...
> >>>>>      / Raimo Niskanen
> >>>>>
> >>>>>      On Fri, Oct 25, 2019 at 3:23 PM Raimo Niskanen <ratmapper@REDACTED
> >>>>>      <mailto:ratmapper@REDACTED>> wrote:
> >>>>>      >
> >>>>>      > The reason we changed mailing list servers was to get better DMARC and
> >>>>>      > DKIM compliance. This is a test post for us to inspect its headers...
> >>>>>      > --
> >>>>>      > Raimo Niskanen
> >>>>>
> >>>>
> >>
> > 
> 
> -- 
> Loïc Hoguin
> https://ninenines.eu

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



More information about the erlang-questions mailing list