IETF Logo Mail Archive

Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC

Dotzero <dotzero@gmail.com> Fri, 11 September 2020 12:05 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5EC33A0855; Fri, 11 Sep 2020 05:05:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j_Grb2agGxuH; Fri, 11 Sep 2020 05:05:07 -0700 (PDT)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1DEF3A083B; Fri, 11 Sep 2020 05:05:06 -0700 (PDT)
Received: by mail-qt1-x82e.google.com with SMTP id v54so7586340qtj.7; Fri, 11 Sep 2020 05:05:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=60HFkN8WBEXfpRGsbtrSUoKklpshaCQfP1MPgjU111g=; b=gOpExrA59DNpuzo/D1IFfr641dxIib0mNcXvSxghXdCNB52AVn7s3EInAC6fC3jIBp uuJJAjTgZpW5b4Ver0MinpEwETEs/ZKxJAP4YSXwz0iW7Ya8Ia7O7cYPTfIjuVFrLl4F N/AFm1iMScUhQqop1RB4pOJZ3kFiNiI6b9UIHLSPXKj2Tm25yNm0eHF616Qx2nIutZAq OCRjRp/tplOpuDpGn1mia2zvu00nKK8tmE0ZxyoOYQE5fQaFi+eGhxidRuYDUAH3YqdK 6mupBx7QVLKz7+B49ymT2L7KVGh98sQLZ2BTstmqQc3FxWLzuqicrrQTa2M4p4grOzCB RX9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=60HFkN8WBEXfpRGsbtrSUoKklpshaCQfP1MPgjU111g=; b=r/hal6j9nzcEkN8vJNpHz3neIJuWV374vV/LBYFj+8Se61Vuhu5KGbRbtAu0pQJEA5 W9I6QdghMAKZSZn1WBEBpolgDI8qrZkqGomIWyJCRWuZPFhIwN7VUKKMSDjHLim+Fh4X 4BTrk+WSo7Xb4bKB1E0jCDMiG5ewGjeE0SE+ySw5ixi1JBFNPcVmEti9IPZdRFrGu/St N8FCLhKKdJDx+TahpRSFov9y8G5BkmSFNxpXxs6y02XsITjlP/PUpu8svO8big7g7N0q 2T0aFAHPy/tkbS8/shT86SySwh3OZEPvNThPWXchLopbZWrX0BUge+k1WHAznAa6ilMl kQkA==
X-Gm-Message-State: AOAM532nkvCM2VdVymFunE7tATaAMMogxmeKT4WuTJbhtgMEui+jxhpz X60LUz++UPBp5V2/TfN0YjuP9KW0XJ6eM3aV3yY=
X-Google-Smtp-Source: ABdhPJyhzLhQG6sMTOl+tEd0+I3XQMpcZ6xumOkarcz9eiHiBxPy01G5C1Au/ipJu1TmqQEfWMEopvofdAsDM9mhPP8=
X-Received: by 2002:ac8:5317:: with SMTP id t23mr1550654qtn.354.1599825905443; Fri, 11 Sep 2020 05:05:05 -0700 (PDT)
MIME-Version: 1.0
References: <81937b856c4a4a40b313ae6b9b7af97b@bayviewphysicians.com>
In-Reply-To: <81937b856c4a4a40b313ae6b9b7af97b@bayviewphysicians.com>
From: Dotzero <dotzero@gmail.com>
Date: Fri, 11 Sep 2020 08:04:54 -0400
Message-ID: <CAJ4XoYerEN8zeNqj72Rw_mk-4OMm2K_UrhOjHmbLAn=c96hOnA@mail.gmail.com>
To: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
Cc: "dmarc-chairs@ietf.org" <dmarc-chairs@ietf.org>, "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cbe9f105af087e17"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/bO96LgJnrLCaI1rYK7I8sR-fqPw>
Subject: Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2020 12:05:09 -0000

This proposal is way outside the scope of DMARC and the scope of the effort
for this group. Let's not try to boil the ocean.

Michael Hammer

On Thu, Sep 10, 2020 at 6:51 PM Douglas E. Foster <fosterd=
40bayviewphysicians.com@dmarc.ietf.org> wrote:

> Recently, I have become worried about the risks associated with using my
> regular email on this list, especially since everything goes into a
> long-term archive.   I am wishing that I had subscribed using a disposable
> account.       A general safety principle is to limit how and when one's
> email address is released, because once it is released, it cannot be taken
> back.     There are a number of potential problems associated with
> releasing actual email addresses onto a mailing list.
>
> Address Harvesting
>
> Any subscriber could potentially be harvesting email addresses from the
> list, and forwarding them to a spam source.   The spammer can tune his
> attacks more closely using other information gathered from list posts,
> including the list area of interest and other information disclosed in the
> course of list discussions.   If the harvesting is occurring, list
> participants and list operators have no method for identifying and closing
> the leak.
>
> Badly Behaved Subscriber / Stalking
>
> If a subscriber starts behaving badly toward another member, particularly
> in some form of cyber-stalking, the list operator can discharge the
> perpetrator from the list.   Unfortunately, the discharge action does not
> cut off access to the victim, because the victim's personal email address
> has already been disclosed.
>
> Malicious Content filtering
>
> A well-run list will implement a variety of techniques to prevent hostile
> content from being distributed.    However, once personal addresses have
> been disclosed, a bad actor can bypass those filters by sending the same
> prohibited traffic directly to any subscribers who have posted to the list.
>    Consequently, the burden of defense remains on the recipient
> organization, because the list defenses are too easily evaded.
>
> List Spoofing
>
> A well-run mailing list is likely to breed an elevated level of trust
> among the participants.   As a result, a successful spoof of the mailing
> list is that much more likely to be successful.    To the recipient, the
> DMARC list is primarily identified by the subject tag and the IETF footer.
>   The absence of attachments and the text-only format are additional clues.
>   These are arguably "trust indicators", and we have discussed that trust
> indicators have limited effectiveness.    For example, many MUAs will make
> URLs in a text-only message into a clickable link, blurring the visual
> distinctiveness between text and html messages.    An attacker could
> potentially replicate the subject tag and footer, apply a non-DMARC
> address, and send it from his own server.    The incoming email filter is
> unlikely to have the sophistication to recognize that this format is only
> supposed to come from IETF, so the message is likely to be allowed and the
> users are at risk of being duped.
>
> The Alternative
>
> All of these problems can be avoided if the subscriber is given an alias
> at enrollment, and the alias is used for all messages relayed on the
> subscriber's behalf.    For this list, my alias could be
> DougF.dmarc@ietf.org.   Messages sent to an alias address must be
> submitted through the list operator, and the list manager should have logic
> to reject messages from a non-subscriber that are targeting a subscriber
> alias.
>
> Because the personal email address is only known to the list operator,
> harvesting is impossible.   Any aliases that are harvested from the list
> will be unusable by a spammer operating outside the list.
>
> For the same reason, if a misbehaving subscriber is ejected from the list,
> he immediately loses access to the people who were the victims of his
> actions.
>
> List spoofing becomes less effective as well.   Legitimate list messages
> can be validated using DMARC with p=reject on the list domain.    Spoofed
> messages that reach the user will not have a From address in the list
> domain and will not follow the pattern of list aliases.
>
> Overall, I conclude that mailing lists have much to benefit from
> intelligent use of DMARCv1 as previously specified.
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.46.0 | Report a Bug | By Email | System Status