Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC

John Levine <johnl@taugh.com> Sun, 13 September 2020 02:58 UTC

Date: Sat, 12 Sep 2020 22:58:42 -0400
Message-Id: <20200913025842.1BBDD208C94C@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: superuser@gmail.com
In-Reply-To: <CAL0qLwZEDNT+LZDMrzecSuTD794jn0CoXRA5FG=rk6QJXO5Hyg@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/2jpXQTyu80BMYMX-8o6LRnSNNMw>
Subject: Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC

In article <CAL0qLwZEDNT+LZDMrzecSuTD794jn0CoXRA5FG=rk6QJXO5Hyg@mail.gmail.com> you write:
>While I'm thinking of it:
>
>On Sat, Sep 12, 2020 at 6:11 PM Murray S. Kucherawy <superuser@gmail.com>
>wrote:
>
>> On Thu, Sep 10, 2020 at 3:51 PM Douglas E. Foster <fosterd=40bayviewphysicians.com@dmarc.ietf.org> wrote:
>>> DougF.dmarc@ietf.org. ...

>How does this compare to what's done here already (if enabled)?
>https://wiki.list.org/DEV/DMARC

As far as I know, no widely available list software does that.

Several years ago I came up with a per-user rewrite hack for DMARC-ed
addresses so a From header like:

 marissa@yahoo.com

turns into:

 marissa@yahoo.com.dmarc.fail

Henrik did something similar for the IETF lists:

 marissa=40yahoo.com@dmarc.ietf.org

(You can see that in the copy of Doug's address above.)

In both cases we set up a temporary forward from the rewritten address
to the real one. This works pretty well. The problem is that it
requires that the list software can stick its fingers into the MTA and
manage aliases on the fly which isn't usually the case.

By the way, all of the anti-DMARC hacks I'm aware of are listed here:

	https://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail

Look at the history; you'll see most of them have been there at least since 2016.




-- 
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
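
Added example, not part of the original message and not code from either list's software: a sketch of the two per-user From rewrites described above, together with the temporary forward table they depend on. Assumptions: rewriting is triggered by a p=quarantine or p=reject policy, a literal "=" is escaped as =3D, the alias lifetime is seven days, and all sample values are constructed.

```python
import re
from email.utils import parseaddr, formataddr

SUFFIX = "dmarc.fail"            # suffix style shown in the post
LIST_DOMAIN = "dmarc.ietf.org"   # encoded style shown in the post
ALIAS_TTL = 7 * 86400            # assumption: the post only says "temporary"

def dmarc_policy(txt):
    """Return the p= value of a DMARC TXT record, 'none' if missing or invalid."""
    tags = {k.strip().lower(): v.strip()
            for k, _, v in (t.partition("=") for t in txt.split(";")) if k.strip()}
    return tags.get("p", "none").lower() if tags.get("v") == "DMARC1" else "none"

def rewrite_suffix(addr):
    """marissa@yahoo.com -> marissa@yahoo.com.dmarc.fail"""
    return f"{addr}.{SUFFIX}"

def rewrite_encoded(addr):
    """marissa@yahoo.com -> marissa=40yahoo.com@dmarc.ietf.org"""
    # Assumption: a literal '=' is escaped as =3D so decoding stays unambiguous.
    return addr.replace("=", "=3D").replace("@", "=40") + "@" + LIST_DOMAIN

def decode(rewritten):
    """Recover the real address from either rewritten form, else None."""
    local, _, domain = rewritten.rpartition("@")
    domain = domain.lower()
    if domain == LIST_DOMAIN:
        real = re.sub(r"=([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), local)
        return real if "@" in real else None
    if domain.endswith("." + SUFFIX):
        return f"{local}@{domain[:-len(SUFFIX) - 1]}"
    return None

def rewrite_from(header, dmarc_txt, aliases, now, style=rewrite_encoded):
    """Rewrite From only for domains with an enforcing policy; record the forward."""
    name, addr = parseaddr(header)
    if dmarc_policy(dmarc_txt) not in ("quarantine", "reject"):
        return header
    new = style(addr)
    aliases[new.lower()] = (addr, now + ALIAS_TTL)
    return formataddr((name, new))

def forward_target(rcpt, aliases, now):
    """Forward only through an alias the list created and that has not expired."""
    real, expires = aliases.get(rcpt.lower(), (None, 0))
    return real if real and now < expires else None
```

forward_target consults the alias table rather than calling decode on whatever recipient arrives, so the rewritten domain relays only to addresses the list itself registered.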