Re: [dmarc-ietf] DMARC-Compliant Mailing Lists

Douglas Foster <dougfoster.emailstandards@gmail.com> Fri, 15 October 2021 22:37 UTC

MIME-Version: 1.0
References: <20211006233727.24C1429DC897@ary.qy> <56B7A1D4-B683-47D3-8871-2A1F283FA464@wordtothewise.com> <c1e199f1-0c91-9c39-1479-e9ba76af493e@tana.it> <2290129.80B3yH0EHm@zini-1880> <CALaySJJ3Neo6hgEJJ80g-H4vFMJ5Y-Fc=to4R8=sa9-3pg3zgg@mail.gmail.com> <CAH48Zfw81292FOXoSK9xDpG-zo9-r58Dne4Uwy+oi1SFSN_0pA@mail.gmail.com> <B379D307-9394-4FA5-8658-077354756639@kitterman.com> <CAH48ZfzVdMD=R00GJ+hsmYESbzS1wZ+5MvAVoRb=cG4fjBUpaw@mail.gmail.com> <CALaySJJ60Vi-Ex65DwHy0bBiH13vx5qm_hTLoCdVQqEWE=ENdA@mail.gmail.com> <CAH48Zfw4B1nv70x6YG-yOz6=7ECBsfr2uKdSz7_OgOCLrPJ1BQ@mail.gmail.com> <86bd8dab-fefa-fa1c-93c0-fda1749670c4@tana.it> <CAH48ZfwaNdUu3561JUfaGsXhLYJg1M_=ndUuKULN50=-YpCeLA@mail.gmail.com> <CAL0qLwYjjWcrKkY6HQ9uuWcorPbhnZ8-HZOkwH7qg=+Y2tREFg@mail.gmail.com>
In-Reply-To: <CAL0qLwYjjWcrKkY6HQ9uuWcorPbhnZ8-HZOkwH7qg=+Y2tREFg@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Fri, 15 Oct 2021 18:36:13 -0400
Message-ID: <CAH48Zfz-TLEnsk1pRZ3GnWumgAQj3dnETA7wtYyyG-8qRW4m5g@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000041ea4b05ce6bd33d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/sxwRT5-s1dsubB00liqYQDbp-ko>
Subject: Re: [dmarc-ietf] DMARC-Compliant Mailing Lists
Precedence: list

To be completely clear about Murray’s concern:

There are three possible strategies for lists to handle postings from
DMARC-enforcing subscriber domains:

-          Never rewrite From

-          Conditional – rewrite From if required by evaluator

-          Always rewrite From

Similarly, there are three relevant security postures for evaluators:

-          Always block on DMARC Fail
-          Exempt my list from DMARC fail
-          Never block on DMARC FAIL

We can construct a grid showing the possible outcomes

             \ ---------  Evaluator Policy ---------------
List Policy   \   Block Fails | List Exempt | Ignore DMARC|
---------------+--------------+-------------+-------------+
Never Rewrite  |  Blocked*    | OK w/o Mung | OK w/o Mung |
---------------+--------------+-------------+-------------+
Conditional    | OK with Mung | OK w/o Mung | OK w/o Mung |
---------------+--------------+-------------+-------------+
Always Rewrite | OK with Mung | Wasted Mung*| Wasted Mung*|
---------------+--------------+-------------+-------------+

Asterisks indicate inferior outcomes.

As in all of life, some actionable information is better than none, as long
as the actionable information is used to take action.  Consequently,
the Conditional
strategy will always outperform a strategy based on no information.

Note that the Conditional strategy is superior even if no evaluators make
exceptions for the list.  Superior outcomes are achieved with as little as
one recipient domain with actionable information.

The Conditional strategy is also superior even though complete information
will not be available.  All that is needed for a win is to have SOME
information.   It just requires a list that is willing to collect and use
actionable information.


Doug Foster

On Thu, Oct 14, 2021 at 12:48 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Tue, Oct 12, 2021 at 4:42 AM Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
>> Under a collaboration solution, the subscriber goes to her email support
>> and says,"I joined list X, and they say that for the best user experience,
>> we need to configure a whitelist entry to bypass >From Filtering on
>> messages from one SPF-verified SMTP address.    Then I need to give them a
>> response whether this change has been implemented or not."
>>
>> Under an unmunging solution, the subscriber conversation is more like
>> this, "I joined list X, and they say that for the best user experience, we
>> need to configure an unmunging MTA.   Hope this is not too much trouble.  I
>> hope you can get this implemented quickly."
>>
>
> It feels to me like an arrangement like this can't scale well.  Given
> millions of users at a single email service provider, even a fraction of a
> percent of those joining lists means thousands of people have register with
> the MTA in some way.  This causes two problems:
>
> a) Many users will forget, many others will be confused by the process
> since they've never had to do that before; you should expect that all of
> those will complain, screw it up, or both.
>
> b) Teaching an MTA to use a configuration file with that scale of entries
> seems like it would be a beast.  Large scale infrastructures can possibly
> handle something like that, and boutique operators only have to do it for
> their small handful of users, but the space in between could be pretty
> unpleasant.
>
> -MSK
>

[dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Baptiste Carvello
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Baptiste Carvello
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Laura Atkins
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Laura Atkins
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Barry Leiba
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Baptiste Carvello
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Murray S. Kucherawy
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Barry Leiba
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Benny Pedersen
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Definitely Alessandro Vesely no question
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Benny Pedersen
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] bad senders, was DMARC-Compliant… John Levine
Re: [dmarc-ietf] Oh, the mail, it is a-changin', … John Levine
Re: [dmarc-ietf] Oh, the mail, it is a-changin', … Dave Crocker
Re: [dmarc-ietf] Oh, the mail, it is a-changin', … John R Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] Oh, the mail, it is a-changin', … Dave Crocker
Re: [dmarc-ietf] Oh, the mail, it is a-changin', … John R Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Grant Taylor
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John, come on
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Barry Leiba
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Laura Atkins
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Baptiste Carvello
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Murray S. Kucherawy
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Joseph Brennan
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Grant Taylor
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Baptiste Carvello
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Scott Kitterman
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists John Levine
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Benny Pedersen
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Douglas Foster
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Baptiste Carvello
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Dave Crocker
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Benny Pedersen
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Benny Pedersen
Re: [dmarc-ietf] DMARC-Compliant Mailing Lists Alessandro Vesely