IETF Logo Mail Archive

Re: [dmarc-ietf] Reversing modifications from mailing lists

John Levine <johnl@taugh.com> Wed, 24 November 2021 16:30 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FDE03A0877 for <dmarc@ietfa.amsl.com>; Wed, 24 Nov 2021 08:30:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.85
X-Spam-Level:
X-Spam-Status: No, score=-1.85 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=Nvd6gbC1; dkim=pass (2048-bit key) header.d=taugh.com header.b=a6alxPq/
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uj6sIyp71pb3 for <dmarc@ietfa.amsl.com>; Wed, 24 Nov 2021 08:30:12 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 488E13A086A for <dmarc@ietf.org>; Wed, 24 Nov 2021 08:30:11 -0800 (PST)
Received: (qmail 87704 invoked from network); 24 Nov 2021 16:30:09 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=15696.619e6891.k2111; bh=rxPaGvem3F6dbI9hChQuOhbtxc7lHyHP/D9BUuWxNlM=; b=Nvd6gbC17JbQRCn86ExnuH7PVWagW5ujDDn63DJQFl2mPgePwRTA6qWr9UC5YBpiIxweU6Kz+4EcmXoRiiftJ1+zAzLdLsBUmUeappKw18onvlbEqVf0KsnrZQ5pmWr2/iI4eLE52iSYlQCgVuFMnGmiI5+zGNHKPnrCZSesg4hVTREe306L9TI4v7aY43AVd4RbKWVVi8KV4G+M8aB3bt5LXt6Ib+TaPd6rRmvuIVg/F+aWl1wZu8s1pceCdtk0fxKB7bTCllRf/TkoM7lcBlLnIGR7AvT5WMzZQvQhjlr+G4PemHJF9NGDWUbRrVAmWkPGLwDoZVFnrvNoS2W2dw==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=15696.619e6891.k2111; bh=rxPaGvem3F6dbI9hChQuOhbtxc7lHyHP/D9BUuWxNlM=; b=a6alxPq/qHmsxu5TD00XYiB2vTaqqqvs3ednHVtgdQRWY+vo8i1QIJFF34bjEQdN4zdyhDUj/R/dot+Ssbk9XOXWnFZI23NDy2wRZXYwpaGjUuS1PgcDP5ta7EOatNBiTXPy7kx2rutfALBs4UiSj0RDijqV+P8LsQhCvzIFSzV09p5TAEaUK83AGK05NrBBX20uHkFHaUR35xBpnKpkmHhwsiSNph4ha4fdrRJ62vKRlItAU9zZKc4Lb28wBG4+DOCz77DgyjqbGpANu5iP5n+TBzYuNYRbe3iNxtbxLw8ld4r4DMf99sqhFBWk/Iv4CmsWWOcGO/o6uaXbPYl88g==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 24 Nov 2021 16:30:09 -0000
Received: by ary.qy (Postfix, from userid 501) id A1888308823E; Wed, 24 Nov 2021 11:30:08 -0500 (EST)
Date: Wed, 24 Nov 2021 11:30:08 -0500
Message-Id: <20211124163008.A1888308823E@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: vesely@tana.it
In-Reply-To: <6aad0642-f73c-ba6f-d26c-1c1fd90e2c9a@tana.it>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ZNgVwrjtyRf9Tc621hUe4cQHVzU>
Subject: Re: [dmarc-ietf] Reversing modifications from mailing lists
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Nov 2021 16:30:17 -0000

It appears that Alessandro Vesely  <vesely@tana.it> said:
>Sure.  Note that if the receiver trusts the MLM, simply recognizing it would be 
>enough to pass DMARC per the "mailing_list" policy override.  ARC additionally 
>provides the ability to learn the authentication status of the message when it 
>was received by the MLM.  That way, reputation can be reckoned with great 
>precision.

If you trust the mailing list, you can just have a whitelist and
completely ignore DMARC. If only.

Someone else from Google told me that they know perfectly well where
all the mailing lists are but they cannot do that because many lists
leak spam when spammers steal address books and send spam with
a fake From: of a subscriber. ARC specifically addresses this
situation by letting the recipient do the filtering that the list
didn't, e.g., reject unaligned input messages.

R's,
John

v2.23.0 | Report a Bug | By Email