RE: DMARC and yahoo

Christian Huitema <huitema@microsoft.com> Mon, 21 April 2014 01:00 UTC

From: Christian Huitema <huitema@microsoft.com>
To: Doug Barton <dougb@dougbarton.us>, "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: DMARC and yahoo
Date: Mon, 21 Apr 2014 01:00:17 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/2DVUZ8Ev-GPh8YT1PueMq_c9eXE

> The issue with @yahoo.com and DMARC is not the @yahoo.com users' ability 
> to receive mail, it's their ability to send mail to the list with From: 
> *@yahoo.com and have it be received by list subscribers who implement 
> strict DMARC policies which honor Yahoo!'s p=reject.
>
> It's not clear how setting the @yahoo.com users to digest mode helps 
> this situation at all.

It probably does not. Trying to analyze the various positions with a cool head, the obvious conclusion is that hard problems don't have easy answers.

The current mailing list practice has the mailing list as sender, and the original message composer described in the From field. The receiver sees something like:

   Sender: ietf <ietf-bounces@ietf.org> 
   From: Christian Huitema <huitema@microsoft.com> 
   …

Of course, that particular construct could easily be abused. A phishing message does not differ much from a mailing list message:

   Sender: postmaster <postmaster@phishing-domain.com> 
   From: Christian Huitema <huitema@microsoft.com> 
   …

I understand that the DMARC "alignment" policy is meant to protect against that by requesting that sender domain and from field match. The problem is that a mailing list would then have to invent a new from field, letting the recipient see something like:

   From: Christian Huitema <ietf-christian-huitema@ietf.org>
   Reply-To: Christian Huitema <huitema@microsoft.com>
   …

The obvious issue is that this particular construct is also quite friendly to phishing. The phishing message would look like:

   From: Christian Huitema <christian-huitema@phishing-domain.com>
   Reply-To: Christian Huitema <huitema@microsoft.com>
   …

If we teach users to ignore the bizarre email address for the mail list messages, we are also teaching them to ignore the bizarre email address in the phishing messages. I doubt that this was the intent of the DMARC authors. 

-- Christian Huitema

(I wrote a longer version of this email at http://huitema.wordpress.com/.)
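
Added example, not part of the original message: a small Python check that runs the four header constructs quoted above through a relaxed DMARC-style alignment test and shows that the rewritten list message and its phishing lookalike give a receiver the same observable result. Assumptions: the authenticated domain (the one that passed SPF or DKIM) is supplied as an input, the organizational domain is approximated as the last two labels instead of using the Public Suffix List, and the names org_domain, analyze, SAMPLES and results are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(addr):
    """Organizational domain, approximated as the last two labels.
    Assumption: a real DMARC verifier consults the Public Suffix List."""
    domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(domain.split(".")[-2:])

def analyze(raw, authenticated_domain):
    """Return what a receiver can observe for one message.
    authenticated_domain is an assumed input: the domain that passed SPF
    (envelope MAIL FROM) or DKIM (d= tag) for this message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg["From"])
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    return {
        "display_name": name,
        # Relaxed alignment: From: domain vs. authenticated domain.
        "aligned": org_domain(from_addr) == org_domain(authenticated_domain),
        # Reply-To points outside the From: domain.
        "reply_to_elsewhere": bool(reply_addr)
        and org_domain(reply_addr) != org_domain(from_addr),
    }

# Header sets taken from the message above; the authenticated domain paired
# with each one is constructed for illustration.
SAMPLES = {
    "list_classic": ("Sender: ietf <ietf-bounces@ietf.org>\n"
                     "From: Christian Huitema <huitema@microsoft.com>\n\n",
                     "ietf.org"),
    "phish_classic": ("Sender: postmaster <postmaster@phishing-domain.com>\n"
                      "From: Christian Huitema <huitema@microsoft.com>\n\n",
                      "phishing-domain.com"),
    "list_rewritten": ("From: Christian Huitema <ietf-christian-huitema@ietf.org>\n"
                       "Reply-To: Christian Huitema <huitema@microsoft.com>\n\n",
                       "ietf.org"),
    "phish_rewritten": ("From: Christian Huitema <christian-huitema@phishing-domain.com>\n"
                        "Reply-To: Christian Huitema <huitema@microsoft.com>\n\n",
                        "phishing-domain.com"),
}

def results():
    """Analyze every sample; keyed by sample name."""
    return {k: analyze(raw, auth) for k, (raw, auth) in SAMPLES.items()}

if __name__ == "__main__":
    for key, value in results().items():
        print(f"{key:16} {value}")
```

Both "classic" forms fail alignment, and both rewritten forms pass it with the same display name and an external Reply-To, so alignment alone does not separate the rewritten list message from the lookalike.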