Page MenuHomePhabricator

DomainKeys Identified Mail (DKIM) for wikipedia.org (and other projects)
Closed, ResolvedPublic

Description

As a reminder: Echo user no-reply-notifications@wikipedia.org (or @mediawiki.org etc.) in the From: and Reply-To of its email notifications, while the true sender wiki@wikimedia.org is left to the internals of Received headers.

A user posted headers of a message caught by Yahoo! spam filters which shows they want DKIM headers for the domain in question (unlike SPF which checks wikimedia.org), so it should be added for all projects: wikipedia.org and mediawiki.org to start with, but also the others for future deployments.

Authentication-Results: mta1066.mail.gq1.yahoo.com from=wikipedia.org; domainkeys=neutral (no sig); from=wikipedia.org; dkim=neutral (no sig)

https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_%28technical%29&oldid=579580929#WMF_notification_email_marked_as_spam_by_Yahoo


Version: unspecified
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=52569
https://bugzilla.wikimedia.org/show_bug.cgi?id=58261

Details

Reference
bz56413

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 2:25 AM
bzimport set Reference to bz56413.
bzimport added a subscriber: Unknown Object (MLST).
Nemo_bis created this task.Oct 31 2013, 7:46 AM

(In reply to comment #1)

also see: https://rt.wikimedia.org/Ticket/Display.html?id=5585

I received an e-mail that this RT ticket has been closed because this bug report was marked fixed. I think the e-mail was mistaken, though perhaps this issue is now resolved/fixed and the bug report simply needs to be updated? I'm a little confused.

Not fixed. Both (bug 53569) notifications received on a gmail box for https://en.wikipedia.org/?diff=next&oldid=567291664 show no DKIM info.

Received-SPF: pass (google.com: domain of wiki@wikimedia.org designates 208.80.152.133 as permitted sender) client-ip=208.80.152.133;
Authentication-Results: mx.google.com;

spf=pass (google.com: domain of wiki@wikimedia.org designates 208.80.152.133 as permitted sender) smtp.mail=wiki@wikimedia.org;
dmarc=pass (p=NONE dis=NONE) header.from=wikimedia.org
faidon added a comment.Jul 3 2014, 4:22 PM

All Wikimedia outgoing mail should be signed with DKIM now. We have no strict DMARC policy yet and it's unsure whether we'll decide to do so anytime soon, though.

jeremyb set Security to None.