Re: [dmarc-ietf] Header munging, not ARC, can solve the mailing list problem
Alessandro Vesely <vesely@tana.it> Mon, 22 June 2020 11:24 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1B3E3A0C11 for <dmarc@ietfa.amsl.com>; Mon, 22 Jun 2020 04:24:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmETtqcsBXC6 for <dmarc@ietfa.amsl.com>; Mon, 22 Jun 2020 04:24:07 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DDCB3A0C30 for <dmarc@ietf.org>; Mon, 22 Jun 2020 04:24:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1592825041; bh=hrde7lx8EM6UqzKEkC4s/Ngird4+SV1/MpsjU2LjUXg=; l=8361; h=To:References:From:Date:In-Reply-To; b=CPX1ElE9DbLS63dxaXKuUIVHOWR8YkLETrqwmiiwA/8kUA7l2DXcEvObZ9sTHLM/Z V+RLVuiF9w67DzM1SvqktsLs2gqEa7l5hzF5rQQpodoTZSHOFvAtUGEevg4GFR59iw CTkZngVKEXprmmNNKy+atRKO1P742jbFx7L7u8VCxutQCBrfJHmyb8EToCfw3
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [192.168.1.101] ([5.170.193.100]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.2, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC056.000000005EF094D1.00000885; Mon, 22 Jun 2020 13:24:00 +0200
To: dmarc@ietf.org
References: <20200615174422.9405A1ABFF41@ary.qy> <beb53b69-ea37-b34a-a978-2d06f2aa3bba@wisc.edu> <2598929.Ph2NfEyP8u@sk-desktop> <7296aa6b-1f7e-cb97-b756-857690c54bac@tana.it> <0F22234A-5A43-4473-8E67-B76C01CDA10F@episteme.net> <9f84e74a-cba5-fbd3-1e70-c60bb0848e6a@gmail.com> <CF9775C7-1606-4350-A84D-72FECEA32DCD@episteme.net> <25bea41a-b165-99d8-f938-eb95225fa63c@tana.it> <39da11d2-f622-92c7-30c9-c1867e8867c4@gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <27a30b41-220f-0dbf-c33e-e23d2fc36bae@tana.it>
Date: Mon, 22 Jun 2020 13:23:56 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <39da11d2-f622-92c7-30c9-c1867e8867c4@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Mi6jz1SfgOnz7JjPUemkpJvFQ_w>
Subject: Re: [dmarc-ietf] Header munging, not ARC, can solve the mailing list problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2020 11:24:16 -0000
On 2020-06-21 7:32 p.m., Dave Crocker wrote: > On 6/18/2020 12:46 AM, Alessandro Vesely wrote: >> "Authoring" can have subtly different acceptations, though. The >> exact sentence is: >> >> The "From:" field specifies the author(s) of the message, >> that is, the mailbox(es) of the person(s) or system(s) responsible >> for the writing of the message. >> [https://tools.ietf.org/html/rfc5322#section-3.6.2] >> >> That is not so far from real. The term "writing" sounds ambiguous, >> as it is not clear whether it means "typing" or "publishing", in the >> case of public mailing lists. Given that Sender: is dedicated to >> the typist, I'd opt for the latter interpretation. > > In simple terms, author is the creator of the content and sender is > the agent for getting the content processed. The latter was > distinguished to provide a means of improving accountability if there > were problems. When SMTP was created, later, MailFrom was added as an > address for sending message handling reports. > > When first specified, Sender: was to cover the case of someone doing > the online work, on behalf of authors who weren't online, or at least > not online for processing the message. Back in those days, that was > not uncommon. Even if the author officially had an online presence, > they often did not do the typing. > > (To underscore this a bit: in most of the business world, knowing how > to type was deemed a menial, secretarial skill and not appropriate for > an executive. To carry this a bit further: around the time RFC733 was > developed, in 1977, I managed to get the person in charge of > department administration functions to authorize my getting a desk > with a right-hand return, where a secretary's typewriter would go, and > where I put my terminal. This was extremely unusual and the immediate, > similar requests from all the other staff like me were rejected. Also, > when I announced my departure, the next year, the admin was instantly > flooded with requests for my desk...) Thank you for sharing the above historic perspective. > [...] > > So, in abstract terms, if I go to a greeting card site and have it > send a greeting on my behalf, the From: field should be my own email > address and Sender: should an address at the greeting card company. > But I said 'abstract' because current realities mean this isn't as > useful an arrangement as the theory intended. Agreed. I'd derive it's time to revise the theory, however slightly. > I believe this is because Sender: is not reliably present. Hence, it > literally cannot be relied upon. The Sender field is not created > reliably to indicate such distinctions and the receive side does not > reliable note the distinctions. The fact that it cannot be set by a MUA implies Sender: already lost its menial meaning. So it became a Mediator sort of thing. This list sets it to "dmarc" <dmarc-bounces@ietf.org>. Does anybody use it, or ever happened o take a look at it? See below for an alternative arrangement. >> For a newspaper, if you pardon the analogy, the masthead is more >> visible than columnist signatures at the end of the articles. For a >> mailing list, publisher visibility used to be provided by subject >> tags, leaving the From: intact. Why? Presumably, because it just >> worked that way. However, if the MLM is the system responsible for >> writing, not modifying From: should be considered a violation. > > If a Mediator makes 'substantial' changes to a message, then it can be > considered a new and different message? Yes, but note that we have no > objective criteria for this. That's why I class this reference to > 'publisher' as a business issue rather than a technical one. (And an > ethical one, as some wayward journalists discover when they claim to > be quoting someone but it turns out the reporter invented the content.) You certainly recall the level of sophistication described in Nelson's Literary Machines. Email is nowhere near that precision, therefore we /have/ to relegate such issues to ethical or business ones. As you say, an add-on to check quotation authenticity would require access to the whole thread, and even then it wouldn't be trivial to get it done. > However I think that referencing the role of an MLM as 'publisher' can > be helpful to remind us that MLMs have their own agency and can, > legitimately, make all sorts of changes. Whether authors and > recipients like those changes is a non-technical matter. > > The practical problem with From: field munging by MLMs that are > otherwise trying to relay a largely-unmodified messages, is that they > effective destroy author information, by putting in a different email > address. > > In practical terms, today, the MLMs arguably don't have a choice. But > it still can be helpful to understand the problems created by this > alternation. IMHO, the choice is how to do rewriting given the constraint that the domain of From:'s addr-spec must match d= in MLM's signature. >>> My understanding of the meaning that DMARC added was, "The >>> author of this message, as expressed in the From: field, always >>> has their messages properly signed by the domain in the From: >>> address." You seem to be saying that, no, what DMARC did was >>> changed the semantic to be, "The From: field now represents the >>> transmitter of the message (as used to be expressed in the >>> Sender: field when present), not the author, and that >>> transmitter always has their messages properly signed by the >>> domain in the From: address".> > For reference, I consider this an accurate summary of why I say that > the From: field semantic is changed as a result of DMARC. Specifically > so that mailing list mail can be delivered. Yes. >> Sender: was not meant to be the transmitter in that sense. It was >> meant to be the secretary who writes on behalf of a responsible >> person or system. > RFC 5322 has preserved the semantic of the Sender: field: > > "The "Sender:" field specifies the mailbox of the agent > responsible for the actual transmission of the message. " > > I consider that to be exactly the role the MLM is performing. Sender ID already tried that path. It didn't work. Why insist? For the rationale, that quoted sentence of RFC 5322 is followed by an example which doesn't seem to match a Mediator role. Why not use the Resent-From: field and its companions instead? >> RFC 5322 says display names are "associated" to a mailbox. > > I don't see such language in RFC 5322. In fact, other than the ABNF > for display-name, I don't see any explanation of its semantic. Note: Some legacy implementations used the simple form where the addr-spec appears without the angle brackets, but included the name of the recipient in parentheses as a comment following the addr-spec. Since the meaning of the information in a comment is unspecified, implementations SHOULD use the full name-addr form of the mailbox, instead of the legacy form, to specify the display name *associated* with a mailbox. Also, because some legacy implementations interpret the comment, comments generally SHOULD NOT be used in address fields to avoid confusing such implementations. [https://tools.ietf.org/html/rfc5322#section-3.4] [(my emphasis)] >> Certainly, changing just the addr-spec breaks the association and >> wreaks havoc to address books. > > Exactly. Here's an alternative arrangement for the fields: An author composes a message and submits it to the MLM. The publisher can accept it or not. It's their business policy whether to moderate, blindly trust (some) authors, or whatever. If they accept the article, then they send it back to the author, accompanied by the MLM's marks of acceptance for publication. Hence, From: the MLM, To: the author, Bcc: the rest of subscribers. That arrangement saves the association and the ability to reply all. There is an unusual MLM option to individually send messages To: each recipient, which neither supports the above arrangement nor advanced sending schemes, such as Courier-MTA's VERP SMTP extension. Best Ale --
- Re: [dmarc-ietf] why ARC Dave Crocker
- Re: [dmarc-ietf] why ARC John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Scott Kitterman
- Re: [dmarc-ietf] Header munging, not ARC, can sol… devel2020
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Alessandro Vesely
- Re: [dmarc-ietf] why ARC Alessandro Vesely
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- [dmarc-ietf] Header munging, not ARC, can solve t… Alessandro Vesely
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Kurt Andersen (b)
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Benny Pedersen
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Benny Pedersen
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… devel2020
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Kurt Andersen (b)
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Scott Kitterman
- Re: [dmarc-ietf] why ARC Kurt Andersen (b)
- Re: [dmarc-ietf] why ARC Dave Crocker
- Re: [dmarc-ietf] why ARC John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Alessandro Vesely
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jesse Thompson
- Re: [dmarc-ietf] Header munging, not ARC, can sol… John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Brandon Long
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jesse Thompson
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Tim Wicinski
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Scott Kitterman
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Tim Wicinski
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Kurt Andersen (b)
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Scott Kitterman
- Re: [dmarc-ietf] Header munging, not ARC, can sol… John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Murray S. Kucherawy
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Brandon Long
- Re: [dmarc-ietf] Header munging, not ARC, can sol… John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… ned+dmarc
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Scott Kitterman
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Alessandro Vesely
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Pete Resnick
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jesse Thompson
- Re: [dmarc-ietf] Header munging, not ARC, can sol… John Levine
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Pete Resnick
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Alessandro Vesely
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Tim Wicinski
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Murray S. Kucherawy
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Laura Atkins
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Todd Herr
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Alessandro Vesely
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Kurt Andersen (b)
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Pete Resnick
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Pete Resnick
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dotzero
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Laura Atkins
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Todd Herr
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jim Fenton
- [dmarc-ietf] Mediation (was: Re: Header munging, … Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Mediation (was: Re: Header mungi… Pete Resnick
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Todd Herr
- Re: [dmarc-ietf] Mediation Dave Crocker
- Re: [dmarc-ietf] Mediation (was: Re: Header mungi… Douglas E. Foster
- Re: [dmarc-ietf] Mediation Pete Resnick
- Re: [dmarc-ietf] Mediation Pete Resnick
- Re: [dmarc-ietf] Mediation Pete Resnick
- Re: [dmarc-ietf] Mediation (was: Re: Header mungi… Pete Resnick
- Re: [dmarc-ietf] Mediation (was: Re: Header mungi… Brandon Long
- Re: [dmarc-ietf] Mediation Dave Crocker
- Re: [dmarc-ietf] Mediation Dave Crocker
- Re: [dmarc-ietf] Mediation John Levine
- Re: [dmarc-ietf] Message-ID, was Mediation John Levine
- Re: [dmarc-ietf] Mediation Murray S. Kucherawy
- Re: [dmarc-ietf] Mediation and controlled forward… John R Levine
- Re: [dmarc-ietf] Mediation Dave Crocker
- Re: [dmarc-ietf] Mediation and controlled forward… Alessandro Vesely
- Re: [dmarc-ietf] Mediation Alessandro Vesely
- Re: [dmarc-ietf] Mediation and controlled forward… Douglas E. Foster
- Re: [dmarc-ietf] Mediation and controlled forward… Alessandro Vesely
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- Re: [dmarc-ietf] Mediation Hector Santos
- Re: [dmarc-ietf] Mediation and controlled forward… John Levine
- Re: [dmarc-ietf] Mediation and controlled forward… John Levine
- Re: [dmarc-ietf] Mediation Murray S. Kucherawy
- Re: [dmarc-ietf] Mediation Dave Crocker
- Re: [dmarc-ietf] Mediation and controlled forward… Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dave Crocker
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Mediation Murray S. Kucherawy
- Re: [dmarc-ietf] Mediation Dave Crocker
- Re: [dmarc-ietf] Mediation John Levine
- Re: [dmarc-ietf] Mediation Murray S. Kucherawy
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Alessandro Vesely
- Re: [dmarc-ietf] Mediation Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… devel2020
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Hector Santos
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Brandon Long
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Jesse Thompson
- Re: [dmarc-ietf] Mediation Jesse Thompson
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Murray S. Kucherawy
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dotzero
- Re: [dmarc-ietf] Header munging: A solution propo… Douglas E. Foster
- Re: [dmarc-ietf] Header munging: A solution propo… Murray S. Kucherawy
- Re: [dmarc-ietf] Header munging: A solution propo… Douglas E. Foster
- Re: [dmarc-ietf] Header munging, not ARC, can sol… devel2020
- Re: [dmarc-ietf] Header munging, not ARC, can sol… Dotzero