Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC
"Murray S. Kucherawy" <superuser@gmail.com> Sun, 13 September 2020 01:43 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C33E63A0869 for <dmarc@ietfa.amsl.com>; Sat, 12 Sep 2020 18:43:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YVFNKHrYTIWx for <dmarc@ietfa.amsl.com>; Sat, 12 Sep 2020 18:43:22 -0700 (PDT)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0153D3A0855 for <dmarc@ietf.org>; Sat, 12 Sep 2020 18:43:21 -0700 (PDT)
Received: by mail-ua1-x92a.google.com with SMTP id w3so80396uad.12 for <dmarc@ietf.org>; Sat, 12 Sep 2020 18:43:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vPQR9HLB5SlI8FpEINRVyF4B8BCrxJwUZFJvrsNPO0c=; b=iHddKC6OV+jyL/i6pRj3ncXBI4qX5GDgZirIGLM/tiU65Auf3321VcNEu3eJI2gnmv PokP2pD3IlcHzAc3vQvmpPYSiKRltGKqOVKNt1+lERAvexP7sxiTxItPSPiGVBnKr3gS K/mrQD53JqPY2jQpZdhrs+80lIgY/FUBrruZ5SQuITjfsV7mg5DZRbahC1Xyo6wlu+E5 /FqPAdlpfrijgZrF/XdhJQrnGFQjzRnQYqnfpGP74nhG/APG4dYf4n5bW5z4kNfoJNkY I6YYRGSNqMEMhvXVsH8XCvS8Z0Lh3S7lcR5Xiss6k4xpUAizYQDHPoE0pH2BgQbFr541 7btg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vPQR9HLB5SlI8FpEINRVyF4B8BCrxJwUZFJvrsNPO0c=; b=PJdPdgMeUMIEU7tYtr5lY4wZrjIGAEqHTAeYtF8T+6bl844CnvqFg0smKzj/NgWgq/ +8/3OIQ03CLeWcpAuDgXpNrq9RcVgJhXCxLsB/nteqnaxWdnVt29JUm7ieg5Zrjg3Lae YrOaJl8q9BaUw69kBecm5qPd6ueWQKCVepTlwvlmrzhlIRUsmkpKPpf/3LjIb/zcVfyY DDP8rTaFPV6Kmcc+W8DahAqtoLIGdTYY2dHieNvI2pLZH6/L6VYPjTiqTXAdAO+t6oh+ 8tMKD8xhxbzWhDdf/dNkVwr4LXbOPf1J0z82krNybm69MhKPfN/UpuXnZ08U7tgP5lcg JhxA==
X-Gm-Message-State: AOAM5328s52xEeX83Mwwp9f5Pppdkz2a8SFWQ/Cdf5gqvM2OFpsqiJZs aFM0/H2Ktg5vFG/0U8lbKGySszAlt0JP/ZcxC/2+uI2RR1I=
X-Google-Smtp-Source: ABdhPJxm/5Ch7VwubrlT/yvMA6CPIEnDbkYtuB+u5ctAzVzGCBRJP+xb9VMBkDbPvdHFr3PKrSCGK86rL2d00R7R+ls=
X-Received: by 2002:a9f:26a5:: with SMTP id 34mr4516353uay.67.1599961400847; Sat, 12 Sep 2020 18:43:20 -0700 (PDT)
MIME-Version: 1.0
References: <81937b856c4a4a40b313ae6b9b7af97b@bayviewphysicians.com> <CAL0qLwbBnA62qV=9yTRWp5VSPAke75c=XesHqYgGfX_WBDog8Q@mail.gmail.com>
In-Reply-To: <CAL0qLwbBnA62qV=9yTRWp5VSPAke75c=XesHqYgGfX_WBDog8Q@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sat, 12 Sep 2020 18:43:07 -0700
Message-ID: <CAL0qLwZEDNT+LZDMrzecSuTD794jn0CoXRA5FG=rk6QJXO5Hyg@mail.gmail.com>
To: Doug Foster <fosterd@bayviewphysicians.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f3b54105af280a2d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/nwnJ9qkD21xg7z00VT25oCqkdlQ>
Subject: Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Sep 2020 01:43:24 -0000
While I'm thinking of it: On Sat, Sep 12, 2020 at 6:11 PM Murray S. Kucherawy <superuser@gmail.com> wrote: > On Thu, Sep 10, 2020 at 3:51 PM Douglas E. Foster <fosterd= > 40bayviewphysicians.com@dmarc.ietf.org> wrote: > >> The Alternative >> >> All of these problems can be avoided if the subscriber is given an alias >> at enrollment, and the alias is used for all messages relayed on the >> subscriber's behalf. For this list, my alias could be >> DougF.dmarc@ietf.org. Messages sent to an alias address must be >> submitted through the list operator, and the list manager should have logic >> to reject messages from a non-subscriber that are targeting a subscriber >> alias. >> > How does this compare to what's done here already (if enabled)? https://wiki.list.org/DEV/DMARC -MSK
- [dmarc-ietf] Issue submission - Mailing list secu… Douglas E. Foster
- Re: [dmarc-ietf] Issue submission - Mailing list … Alessandro Vesely
- Re: [dmarc-ietf] Issue submission - Mailing list … Dotzero
- Re: [dmarc-ietf] Issue submission - Mailing list … Douglas E. Foster
- Re: [dmarc-ietf] Issue submission - Mailing list … Murray S. Kucherawy
- Re: [dmarc-ietf] Issue submission - Mailing list … Murray S. Kucherawy
- Re: [dmarc-ietf] Issue submission - Mailing list … John Levine
- Re: [dmarc-ietf] Issue submission - Mailing list … Joseph Brennan
- Re: [dmarc-ietf] Issue submission - Mailing list … John Levine
- Re: [dmarc-ietf] Issue submission - Mailing list … Joseph Brennan
- Re: [dmarc-ietf] Issue submission - Mailing list … Alessandro Vesely
- Re: [dmarc-ietf] Issue submission - Mailing list … Dotzero
- Re: [dmarc-ietf] Issue submission - Mailing list … Joseph Brennan
- Re: [dmarc-ietf] Issue submission - Mailing list … Doug Foster
- Re: [dmarc-ietf] Issue submission - Mailing list … Alessandro Vesely