Re: [ietf-822] WSJ/gmail/ML, was a permission to...

Michael Richardson <mcr@sandelman.ca> Sun, 04 May 2014 19:28 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CCD11A0161 for <ietf-822@ietfa.amsl.com>; Sun, 4 May 2014 12:28:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zppRY33gEQMa for <ietf-822@ietfa.amsl.com>; Sun, 4 May 2014 12:28:43 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3::184]) by ietfa.amsl.com (Postfix) with ESMTP id 2B86A1A01B5 for <ietf-822@ietf.org>; Sun, 4 May 2014 12:28:43 -0700 (PDT)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id 30C8C20028; Sun, 4 May 2014 15:30:04 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id D5C0A63ABD; Sun, 4 May 2014 15:28:39 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id C2BF563AB6; Sun, 4 May 2014 15:28:39 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: Bart Schaefer <barton.schaefer@gmail.com>
In-Reply-To: <CABkvzctXVrDiy_GkkAPPOe6gJu22LjxRjOQotzXFqrd3-XnpYA@mail.gmail.com>
References: <5da0fca6-7eb3-4db6-8a71-16fce69e67e6@gulbrandsen.priv.no> <20140504140818.1545.qmail@joyce.lan> <01P7EMAI2KGG000052@mauve.mrochek.com> <alpine.BSF.2.00.1405041130500.1550@joyce.lan> <CABkvzctXVrDiy_GkkAPPOe6gJu22LjxRjOQotzXFqrd3-XnpYA@mail.gmail.com>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 04 May 2014 15:28:39 -0400
Message-ID: <11901.1399231719@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/WS_P1sU1_AiJKQWgOkyK9JtV1Lg
X-Mailman-Approved-At: Sun, 04 May 2014 15:46:55 -0700
Cc: ietf-822@ietf.org
Subject: Re: [ietf-822] WSJ/gmail/ML, was a permission to...
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 19:28:44 -0000

Bart Schaefer <barton.schaefer@gmail.com> wrote:
    > Then the problem boils down to impersonating both an individual sender
    > and a list to which he is supposedly subscribed.   If a List-ID is
    > present and the list exploder has re-DKIM-signed the message, a DMARC
    > check that the message really did come through the list exploder should
    > be enough?

Spammers started using mailing archives to find out *EXACTLY* this, in order
to forge From: lines that would get into mailing list filters.  I first saw
this a few years ago.  I'm not sure why it hasn't become a bigger problem.

DMARC processing on input to mailing lists certainly would help there.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [