
Bug#1052624: debbugs: forwarded messages break DMARC, DKIM, SPF

Package: debbugs
Severity: normal

Debbugs forwards messages from bug maintainers with their From lines
intact, which is quite problematic for senders whose domains use
DMARC, DKIM, and/or SPF.

SPF: Since the forwarded messages aren't coming from one of the
sender's domain's mailservers, they violate the domain's SPF policy,
if any.

DKIM: debbugs modifies the forwarded messages in ways that break their
DKIM signatures.

DMARC: because SPF and DKIM are both broken in the forward, these
messages can't possibly be compliant with domain DMARC policies.

As a result, transmission and distribution of these messages is quite
unreliable. At the very least these signals make the messages more
likely to be interpreted as spam. At most they are completely bounced
by some recipients' mail servers.

The most obvious solution to this is straightforward: the From line in
these messages should be modified to contain the email address of the
bug, not the email address of the original sender. The original
sender's address can be put in Reply-To and/or indicated in the header
in a number of other ways. For example, sometimes something like this
is done:

  From: Jonathan Kamens <jik@kamens.us>

becomes:

  From: "Jonathan Kamens <jik@kamens.us> via" <###@bugs.debian.org>
  Reply-To: ###@bugs.debian.org, jik@kamens.us

There are different implications of the various ways this can be done,
so some thinking does need to go into the best way to do it, but it's
not an unsolvable problem.

If there is resistance to making this change across the board, then
another possibility is to only modify the headers on messages which
have DMARC policies and/or restrictive SPF policies. MailMan has a
mode which behaves this way.

In any case the original DKIM signature from the sender should be
removed since the message is being modified. I'm not sure whether
debbugs already does this.
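As an added illustration (not debbugs code), here is a Python sketch of both approaches above: the unconditional From/Reply-To rewrite, and a Mailman-style conditional one that only rewrites for senders whose domain publishes an enforcing DMARC policy or a hard-fail SPF record. It uses this report's bug number as the bug address and a constructed sample message; treating "-all" as the only restrictive SPF qualifier is an assumption of the example.

```python
import email
from email.utils import formataddr, parseaddr

# Constructed sample message as it might arrive at the bug address (signature values are dummies).
RAW = """\
From: Jonathan Kamens <jik@kamens.us>
To: 1052624@bugs.debian.org
Subject: debbugs: forwarded messages break DMARC, DKIM, SPF
DKIM-Signature: v=1; a=rsa-sha256; d=kamens.us; s=sel; h=from:to:subject; bh=dummy; b=dummy

Body text.
"""


def dmarc_policy(record):
    """Return the p= tag of a DMARC TXT record like 'v=DMARC1; p=reject; ...', or None.
    The record text is passed in (no DNS here); a deployment would look up _dmarc.<domain>."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p")


def sender_is_protected(dmarc_record, spf_record):
    """True when the sender domain enforces DMARC (quarantine/reject) or publishes hard-fail
    SPF ('-all'). Treating p=none and '~all' as non-restrictive is an assumption here."""
    if dmarc_policy(dmarc_record) in ("quarantine", "reject"):
        return True
    return bool(spf_record) and spf_record.strip().endswith("-all")


def rewrite_for_forwarding(raw, bug_addr, always=True, dmarc_record=None, spf_record=None):
    """Prepare a message for forwarding from bug_addr. The sender's DKIM signature is always
    dropped (the forward is modified, so it cannot verify); From is rewritten either
    unconditionally (always=True) or only for protected sender domains (Mailman-style)."""
    msg = email.message_from_string(raw)
    del msg["DKIM-Signature"]
    if not (always or sender_is_protected(dmarc_record, spf_record)):
        return msg
    name, addr = parseaddr(msg["From"])
    del msg["From"]
    # formataddr quotes the display name because it contains '<' and '>'.
    msg["From"] = formataddr((f"{name} <{addr}> via", bug_addr))
    del msg["Reply-To"]
    msg["Reply-To"] = f"{bug_addr}, {addr}"
    return msg
```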

I would be happy to "put my money where my mouth is" and work on
fixing this and submitting a patch. However, I am reluctant to just
"jump in" and send in a patch without some engagement from the debbugs
maintainers first, because (a) as noted above, some consideration
needs to be given to the ramifications of various solutions before one
is chosen, and I don't think I'm in any position to do that
unilaterally, and (b) because this is a relatively old problem with a
relatively straightforward solution, I suspect that there may be
non-technical reasons why a fix hasn't been implemented. I'm reluctant
to do work that is not going to be accepted for philosophical or
political reasons.

Jonathan Kamens

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled