Re: [ietf-822] WSJ/gmail/ML, was a permission to...

"John Levine" <johnl@taugh.com> Sun, 04 May 2014 19:26 UTC

Date: Sun, 04 May 2014 19:26:22 -0000
Message-ID: <20140504192622.2445.qmail@joyce.lan>
From: John Levine <johnl@taugh.com>
To: ietf-822@ietf.org
In-Reply-To: <CABkvzctXVrDiy_GkkAPPOe6gJu22LjxRjOQotzXFqrd3-XnpYA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/SE6wG2bE3JvLg2_8mF_O3j6eJWU
Cc: barton.schaefer@gmail.com
Subject: Re: [ietf-822] WSJ/gmail/ML, was a permission to...

>> Currently, I agree with you.  But if List-ID always meant to skip the
>> DMARC rejection checks, how long would it take for every paypal.com phish
>> to include a List-ID?  Presumably competent filters would subsequently
>> catch it, but it would make DMARC, which is intended to be a cheap
>> anti-phish technique, totally pointless.
>
>For paypal and other institutional senders, wouldn't it suffice to have a
>special DMARC policy that forbids mailing lists from forwarding messages?

I think this leads to an infinite regress.  AOL and Yahoo have a real
problem: crooks broke in and stole people's address books, and are now
sending spam from AOL and Yahoo addresses to recipients in the users'
own address books.  Spammers are not totally stupid, and if there is a
flavor of DMARC they could bypass with a List-ID, they'll add a
List-ID.  Even worse, since the volume of spam is vastly greater than
the volume of legitimate mail, most mail with List-ID would be spam,
and it would perversely become a fairly good spam indicator.  If
you've seen the X-Anti-Abuse header added by web hosting control
panels, it's suffered the same fate since spammers have figured out
how easy it is to break into dusty blog and CMS sites and spam from
them.

The basic problem here is that anything a list can do to say "I am a
list", a spammer can do, too.  You can only make credible assertions
to decrease the reputation of your mail, e.g. SPF's "if it's not one of
these IPs, it probably isn't me", or to say "this is really from me", so
people can apply whatever opinion they already have of you.

The permission to forward hack is a little different since it's not
the list making the assertion, it's the list in combination with the
original sender, applicable to one specific address via one forwarder
for a limited time.

R's,
John
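
The argument in the message above as a receiver-side filter sketch, added here as an illustration and not part of the original post: a filter that skips DMARC enforcement whenever List-Id is present cannot tell a genuine list post from a forgery carrying the same header. The domains, the POLICY table, the sample messages and the two-label org_domain shortcut are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for published DMARC policies; a real receiver queries DNS.
POLICY = {"bank.example": "reject"}

def org_domain(domain):
    # Simplification: last two labels. Real DMARC consults the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def disposition(raw, verified, list_id_exempt):
    """verified: domains this receiver itself authenticated (SPF pass, DKIM d=)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    if any(org_domain(d) == org_domain(from_domain) for d in verified):
        return "accept"                       # aligned: "this is really from me"
    if list_id_exempt and msg["List-Id"] is not None:
        return "accept"                       # keyed on a header any sender can write
    return POLICY.get(org_domain(from_domain), "none")

# Constructed messages. The list post lost its author signature in transit, so
# only the list's own domain verifies; the forgery verifies as the bulk sender.
LIST_POST = (
    "From: Alice <alice@bank.example>\n"
    "List-Id: <discuss.lists.example>\n"
    "Subject: [discuss] meeting notes\n\nbody\n")
FORGERY = (
    "From: Bank Support <support@bank.example>\n"
    "List-Id: <discuss.lists.example>\n"
    "Subject: account notice\n\nbody\n")
DIRECT = "From: Alice <alice@bank.example>\nSubject: hello\n\nbody\n"

def run(list_id_exempt):
    return {
        "list_post": disposition(LIST_POST, {"lists.example"}, list_id_exempt),
        "forgery": disposition(FORGERY, {"bulk.example"}, list_id_exempt),
        "direct": disposition(DIRECT, {"mail.bank.example"}, list_id_exempt),
    }

if __name__ == "__main__":
    for exempt in (False, True):
        print("List-Id exemption:", exempt, run(exempt))
```

With the exemption off, the list post and the forgery are both rejected; with it on, both are accepted. Only the receiver's own authentication result changes the outcome, never the header.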