IETF Logo Mail Archive

Re: [dmarc-ietf] Header munging, not ARC, can solve the mailing list problem

Alessandro Vesely <vesely@tana.it> Mon, 22 June 2020 11:24 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1B3E3A0C11 for <dmarc@ietfa.amsl.com>; Mon, 22 Jun 2020 04:24:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmETtqcsBXC6 for <dmarc@ietfa.amsl.com>; Mon, 22 Jun 2020 04:24:07 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DDCB3A0C30 for <dmarc@ietf.org>; Mon, 22 Jun 2020 04:24:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1592825041; bh=hrde7lx8EM6UqzKEkC4s/Ngird4+SV1/MpsjU2LjUXg=; l=8361; h=To:References:From:Date:In-Reply-To; b=CPX1ElE9DbLS63dxaXKuUIVHOWR8YkLETrqwmiiwA/8kUA7l2DXcEvObZ9sTHLM/Z V+RLVuiF9w67DzM1SvqktsLs2gqEa7l5hzF5rQQpodoTZSHOFvAtUGEevg4GFR59iw CTkZngVKEXprmmNNKy+atRKO1P742jbFx7L7u8VCxutQCBrfJHmyb8EToCfw3
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [192.168.1.101] ([5.170.193.100]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.2, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC056.000000005EF094D1.00000885; Mon, 22 Jun 2020 13:24:00 +0200
To: dmarc@ietf.org
References: <20200615174422.9405A1ABFF41@ary.qy> <beb53b69-ea37-b34a-a978-2d06f2aa3bba@wisc.edu> <2598929.Ph2NfEyP8u@sk-desktop> <7296aa6b-1f7e-cb97-b756-857690c54bac@tana.it> <0F22234A-5A43-4473-8E67-B76C01CDA10F@episteme.net> <9f84e74a-cba5-fbd3-1e70-c60bb0848e6a@gmail.com> <CF9775C7-1606-4350-A84D-72FECEA32DCD@episteme.net> <25bea41a-b165-99d8-f938-eb95225fa63c@tana.it> <39da11d2-f622-92c7-30c9-c1867e8867c4@gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <27a30b41-220f-0dbf-c33e-e23d2fc36bae@tana.it>
Date: Mon, 22 Jun 2020 13:23:56 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <39da11d2-f622-92c7-30c9-c1867e8867c4@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Mi6jz1SfgOnz7JjPUemkpJvFQ_w>
Subject: Re: [dmarc-ietf] Header munging, not ARC, can solve the mailing list problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2020 11:24:16 -0000

On 2020-06-21 7:32 p.m., Dave Crocker wrote:
> On 6/18/2020 12:46 AM, Alessandro Vesely wrote:
>> "Authoring" can have subtly different acceptations, though.  The
>> exact sentence is:
>>
>>              The "From:" field specifies the author(s) of the message,
>>    that is, the mailbox(es) of the person(s) or system(s) responsible
>>    for the writing of the message.
>> [https://tools.ietf.org/html/rfc5322#section-3.6.2]
>>
>> That is not so far from real.  The term "writing" sounds ambiguous,
>> as it is not clear whether it means "typing" or "publishing", in the
>> case of public mailing lists.  Given that Sender: is dedicated to
>> the typist, I'd opt for the latter interpretation.
> 
> In simple terms, author is the creator of the content and sender is
> the agent for getting the content processed.  The latter was
> distinguished to provide a means of improving accountability if there
> were problems.  When SMTP was created, later, MailFrom was added as an
> address for sending message handling reports.
> 
> When first specified, Sender: was to cover the case of someone doing
> the online work, on behalf of  authors who weren't online, or at least
> not online for processing the message.  Back in those days, that was
> not uncommon.  Even if the author officially had an online presence,
> they often did not do the typing.
> 
> (To underscore this a bit: in most of the business world, knowing how
> to type was deemed a menial, secretarial skill and not appropriate for
> an executive. To carry this a bit further: around the time RFC733 was
> developed, in 1977, I managed to get the person in charge of
> department administration functions to authorize my getting a desk
> with a right-hand return, where a secretary's typewriter would go, and
> where I put my terminal. This was extremely unusual and the immediate,
> similar requests from all the other staff like me were rejected. Also,
> when I announced my departure, the next year, the admin was instantly
> flooded with requests for my desk...)


Thank you for sharing the above historic perspective.


> [...]
> 
> So, in abstract terms, if I go to a greeting card site and have it
> send a greeting on my behalf, the From: field should be my own email
> address and Sender: should an address at the greeting card company. 
> But I said 'abstract' because current realities mean this isn't as
> useful an arrangement as the theory intended.


Agreed.  I'd derive it's time to revise the theory, however slightly.


> I believe this is because Sender: is not reliably present. Hence, it
> literally cannot be relied upon.  The Sender field is not created
> reliably to indicate such distinctions and the receive side does not
> reliable note the distinctions.


The fact that it cannot be set by a MUA implies Sender: already lost
its menial meaning.  So it became a Mediator sort of thing.  This list
sets it to "dmarc" <dmarc-bounces@ietf.org>.  Does anybody use it, or
ever happened o take a look at it?

See below for an alternative arrangement.


>> For a newspaper, if you pardon the analogy, the masthead is more
>> visible than columnist signatures at the end of the articles.  For a
>> mailing list, publisher visibility used to be provided by subject
>> tags, leaving the From: intact.  Why?  Presumably, because it just
>> worked that way.  However, if the MLM is the system responsible for
>> writing, not modifying From: should be considered a violation.
> 
> If a Mediator makes 'substantial' changes to a message, then it can be
> considered a new and different message?  Yes, but note that we have no
> objective criteria for this.  That's why I class this reference to
> 'publisher' as a business issue rather than a technical one.  (And an
> ethical one, as some wayward journalists discover when they claim to
> be quoting someone but it turns out the reporter invented the content.)


You certainly recall the level of sophistication described in Nelson's
Literary Machines.  Email is nowhere near that precision, therefore we
/have/ to relegate such issues to ethical or business ones.

As you say, an add-on to check quotation authenticity would require
access to the whole thread, and even then it wouldn't be trivial to
get it done.


> However I think that referencing the role of an MLM as 'publisher' can
> be helpful to remind us that MLMs have their own agency and can,
> legitimately, make all sorts of changes.  Whether authors and
> recipients like those changes is a non-technical matter.
> 
> The practical problem with From: field munging by MLMs that are
> otherwise trying to relay a largely-unmodified messages, is that they
> effective destroy author information, by putting in a different email
> address.
> 
> In practical terms, today, the MLMs arguably don't have a choice.  But
> it still can be helpful to understand the problems created by this
> alternation.


IMHO, the choice is how to do rewriting given the constraint that the
domain of From:'s addr-spec must match d= in MLM's signature.


>>> My understanding of the meaning that DMARC added was, "The
>>> author of this message, as expressed in the From: field, always
>>> has their messages properly signed by the domain in the From:
>>> address." You seem to be saying that, no, what DMARC did was
>>> changed the semantic to be, "The From: field now represents the
>>> transmitter of the message (as used to be expressed in the 
>>> Sender: field when present), not the author, and that
>>> transmitter always has their messages properly signed by the
>>> domain in the From: address".>
> For reference, I consider this an accurate summary of why I say that
> the From: field semantic is changed as a result of DMARC. Specifically
> so that mailing list mail can be delivered.


Yes.


>> Sender: was not meant to be the transmitter in that sense.  It was
>> meant to be the secretary who writes on behalf of a responsible
>> person or system.
> RFC 5322 has preserved the semantic of the Sender: field:
> 
>      "The "Sender:" field specifies the mailbox of the agent
> responsible for the actual transmission of the message. "
> 
> I consider that to be exactly the role the MLM is performing.


Sender ID already tried that path.  It didn't work.  Why insist?

For the rationale, that quoted sentence of RFC 5322 is followed by an
example which doesn't seem to match a Mediator role.  Why not use the
Resent-From: field and its companions instead?


>> RFC 5322 says display names are "associated" to a mailbox.
> 
> I don't see such language in RFC 5322.  In fact, other than the ABNF
> for display-name, I don't see any explanation of its semantic.


    Note: Some legacy implementations used the simple form where the
    addr-spec appears without the angle brackets, but included the
    name of the recipient in parentheses as a comment following the
    addr-spec.  Since the meaning of the information in a comment is
    unspecified, implementations SHOULD use the full name-addr form of
    the mailbox, instead of the legacy form, to specify the display
    name *associated* with a mailbox.  Also, because some legacy
    implementations interpret the comment, comments generally SHOULD
    NOT be used in address fields to avoid confusing such
    implementations.
                    [https://tools.ietf.org/html/rfc5322#section-3.4]
                    [(my emphasis)]


>> Certainly, changing just the addr-spec breaks the association and
>> wreaks havoc to address books. 
> 
> Exactly.


Here's an alternative arrangement for the fields:

An author composes a message and submits it to the MLM.  The publisher
can accept it or not.  It's their business policy whether to moderate,
blindly trust (some) authors, or whatever.  If they accept the
article, then they send it back to the author, accompanied by the
MLM's marks of acceptance for publication.  Hence, From: the MLM, To:
the author, Bcc: the rest of subscribers.

That arrangement saves the association and the ability to reply all.

There is an unusual MLM option to individually send messages To: each
recipient, which neither supports the above arrangement nor advanced
sending schemes, such as Courier-MTA's VERP SMTP extension.


Best
Ale
--

v2.23.0 | Report a Bug | By Email