Re: [IETF] DMARC methods in mailman
Theodore Ts'o <tytso@mit.edu> Mon, 26 December 2016 20:52 UTC
Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAD7A1294A0 for <ietf@ietfa.amsl.com>; Mon, 26 Dec 2016 12:52:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Level:
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thunk.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2BeCr3Aa1E7 for <ietf@ietfa.amsl.com>; Mon, 26 Dec 2016 12:52:52 -0800 (PST)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC762129475 for <ietf@ietf.org>; Mon, 26 Dec 2016 12:52:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=d3xMyyxjHCpZbsQN/eaMMpx/6qL5+VZrBBh15ZJar+M=; b=TcZ4gkh4o5CYShpwvARkVJKh5JU3W8cIDZjwK+TgTsNat6A6eeaC+8Ch1w36+K5H/JTvDpWjO1N0sESp/SZaFM6U5Bs6ybZ1tNdHoxeZWMEpkzreOpah9ohz6J7WfPSEisYHMuo6Vek0JJYb5eurE4GMyEphauTTR9KC7N+8CFM=;
Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.84_2) (envelope-from <tytso@thunk.org>) id 1cLcGJ-0000rO-Ip; Mon, 26 Dec 2016 20:52:51 +0000
Received: by callcc.thunk.org (Postfix, from userid 15806) id 2CD52C00230; Mon, 26 Dec 2016 15:52:49 -0500 (EST)
Date: Mon, 26 Dec 2016 15:52:49 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: IETF general list <ietf@ietf.org>
Subject: Re: [IETF] DMARC methods in mailman
Message-ID: <20161226205249.rneaenhh5c2dcpz4@thunk.org>
References: <m1cKvWY-0000HFC@stereo.hq.phicoh.net> <EA2191A9-CF62-4984-8275-E0295A207237@gmail.com> <35FC8FF8-A4E6-423F-994C-304B4B3AAF94@dukhovni.org> <20161226144901.f4ym2d6bzz5zxafp@thunk.org> <144FA12E-E647-4F3B-9E5F-8A21213D2678@dukhovni.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <144FA12E-E647-4F3B-9E5F-8A21213D2678@dukhovni.org>
User-Agent: NeoMutt/20161126 (1.7.1)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/0HqAdIbpNBp4hEBzGPuKKn645Kw>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Dec 2016 20:52:54 -0000
On Mon, Dec 26, 2016 at 01:31:28PM -0500, Viktor Dukhovni wrote:
>
> > On Dec 26, 2016, at 9:49 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> >> The need for email origin authentication to specify that "Sender" preempts
> >> "From" has been well understood for a long time before there was DMARC.
> >> If there is to be a non-broken replacement, it must correct this design error
> >> and place the "burden" of dealing with that on any MUAs that fail to display
> >> Sender (as e.g. from <sender> on behalf of <author>).
> >
> > But if MUA's do this, then it becomes trivial to phish consumers,
> > which was the original excuse for DMARC. So if MUA's do this,
> > eventually Yahoo and the other big mail providers will promulgate a
> > non-standard "fix" that will bounce messages with Sender lines that
> > aren't equal to the From field. And then what will you do?
>
> You're still operating under the false assumption that DMARC's purpose
> is to solve phishing. Its real purpose (at Yahoo et al.) is to reduce
> support desk workload at the sending domain. Any minimal efficacy at
> reducing phishing is entirely incidental.
>
> Anyway, there's no additional phishing risk. One of the few things
> that Outlook does right is display both Sender and From, as
>
> <sender> on behalf of <author>.
>
> If the DMARC replacement authentication (via DKIM's d= or similar)
> is then applied to <sender>, there's no new phishing risk.

By that argument, there's no excuse for the big mailer providers for
bouncing List mail because of DMARC. They could just reference the
List-ID field, and display something like this:

    <From> via mailing list <list-id header contents>

But they don't do this. Why, pray tell? And is this a reason for them
not pursuing your suggestion? Why aren't they doing this instead of
waiting and hoping ARC will solve the problem? Maybe because users are
clueless enough that they would still be getting confused?

- Ted
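The two display conventions discussed in this message, together with a DKIM `d=` alignment check applied to both From and Sender, as an added example that is not part of the original post or of any mail client's code. The function names, the `example.*` domains, the `mx.example.com` authserv-id and the sample message are constructed, and the organizational domain is approximated as the last two labels where real DMARC consults the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: last two labels; real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def addr_of(msg, header):
    return parseaddr(msg.get(header, ""))[1].lower()

def dkim_pass_domains(msg, authserv_id):
    # Trust only Authentication-Results stamped by our own receiver;
    # anything else may have been supplied by the sender.
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if server.lower().split()[:1] != [authserv_id]:
            continue
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results):
            domains.add(org_domain(m.group(1)))
    return domains

def evaluate(raw, authserv_id):
    msg = message_from_string(raw)
    passed = dkim_pass_domains(msg, authserv_id)
    author, sender = addr_of(msg, "From"), addr_of(msg, "Sender")

    def aligned(addr):
        # Relaxed alignment: organizational domains must match.
        return bool(addr) and org_domain(addr.rpartition("@")[2]) in passed

    if sender and sender != author:
        shown = f"{sender} on behalf of {author}"
    elif msg.get("List-Id"):
        shown = f"{author} via mailing list {msg['List-Id'].strip()}"
    else:
        shown = author
    return {"from_aligned": aligned(author),
            "sender_aligned": aligned(sender),
            "display": shown}

# Constructed sample: list-relayed mail signed by the list, not the author.
SAMPLE = (
    "From: Author <author@example.org>\n"
    "Sender: ietf-bounces@lists.example.net\n"
    "List-Id: Discussion <discuss.lists.example.net>\n"
    "Authentication-Results: mx.example.com; dkim=pass header.d=lists.example.net\n"
    "\nbody\n"
)
```

For `SAMPLE`, alignment fails on From and passes on Sender, which is the case the thread is arguing about: the authenticated identity is the list, and the display string is the only place the user can see that.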