Re: DMARC: perspectives from a listadmin of large open-source lists
Sabahattin Gucukoglu <listsebby@me.com> Tue, 15 April 2014 23:15 UTC
Return-Path: <listsebby@me.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC2441A0062 for <ietf@ietfa.amsl.com>; Tue, 15 Apr 2014 16:15:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fYXCvW2Z9jNu for <ietf@ietfa.amsl.com>; Tue, 15 Apr 2014 16:15:00 -0700 (PDT)
Received: from st11p02mm-asmtp001.mac.com (st11p02mm-asmtpout001.mac.com [17.172.220.236]) by ietfa.amsl.com (Postfix) with ESMTP id 318511A0059 for <ietf@ietf.org>; Tue, 15 Apr 2014 16:15:00 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; CHARSET="US-ASCII"
Received: from [192.168.1.6] (natbox.sabahattin-gucukoglu.com [213.123.192.30]) by st11p02mm-asmtp001.mac.com (Oracle Communications Messaging Server 7u4-27.08(7.0.4.27.7) 64bit (built Aug 22 2013)) with ESMTPSA id <0N4300C7EHWNP350@st11p02mm-asmtp001.mac.com> for ietf@ietf.org; Tue, 15 Apr 2014 23:14:50 +0000 (GMT)
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
From: Sabahattin Gucukoglu <listsebby@me.com>
In-reply-to: <534DB093.5020507@qti.qualcomm.com>
Date: Wed, 16 Apr 2014 00:14:47 +0100
Message-id: <763CF376-1776-489A-A97E-FB65E77214BF@me.com>
References: <20140414024956.26078.qmail@joyce.lan> <534B524F.4050206@dcrocker.net> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <E0B7196CB2603B80BBEC21AF@JcK-HP8200.jck.com> <alpine.BSF.2.00.1404132346420.26386@joyce.lan> <1EBDF5239EEE5202D3837D25@JcK-HP8200.jck.com> <534B9760.90301@dougbarton.us> <6C80882F19CCEDFE15E987CA@JcK-HP8200.jck.com> <534BEF75.5060804@bbiw.net> <534DB093.5020507@qti.qualcomm.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
X-Mailer: Apple Mail (2.1510)
X-MANTSH: 1TEIXWV4bG1oaGkdHB0lGUkdDRl5PWBoaGBEKTEMXGx0EGx0YBBIZBBsTEBseGh8 aEQpYTRdLEQptfhcaEQpMWRcbGhsbEQpZSRcRClleF2hjeREKQ04XSxseGmJCH2luHBkTGXhzB xlsGBkbHkUYEQpYXBcZBBoEHQdNSx0SSEkcTAUbHQQbHRgEEhkEGxMQGx4aHxsRCl5ZF2FNGGN sEQpMRhdia2sRCkNaFxgbGQQbGBkEGxMYBBkaEQpEWBceEQpESRceEQpCRRdmUH1dH21kGgVIY xEKQk4XbHBgeUAdYlJpGmIRCkJMF2dJH215aRh+ckJNEQpCbBdlaGUYbU0cGENGThEKQkAXb0J QXX1NaX4dG1ARCnBnF2hzTGleXXpOZRNTEQpwaBdiXlt/bVtnekgBQhEKcGgXY0xGUBwbRBlYX BgRCnBoF2ZvaGFhfnt+BRx9EQpwaBdsRmNmHFplQ3MYchEKcGgXaEJdem5jT2F4fAERCnBsF2t mTmtBZV9mU2cBEQpwTBdgeXxlWWYebkQbQxE=
X-CLX-Spam: false
X-CLX-Score: 1011
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.96, 1.0.14, 0.0.0000 definitions=2014-04-15_03:2014-04-15, 2014-04-15, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1404150387
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/2egdtyAKhFi2vFqoKBNXqzw3dBY
Cc: John C Klensin <john-ietf@jck.com>, Dave Crocker <dcrocker@bbiw.net>, "ietf@ietf.org list" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 23:15:05 -0000
On 15 Apr 2014, at 23:20, Pete Resnick <presnick@qti.qualcomm.com> wrote: > On 4/14/14 9:23 AM, Dave Crocker wrote: >> Mediators, like mailing lists, take final delivery and post a new message. In formal terms, it's legitimate for them to create a different rfc5322.From field, including one that looks like some sort of 'rewrite' of the one used by the original author. > > It's legitimate for a mailing list to rewrite the author, but it would be wrong. :-) > > More seriously: If the mailing list wishes to express that I am the author of *this message*, then I belong in the "From:" field. That differs semantically from forwarding a message authored by me; then the list is saying that the list is the author, and it is simply quoting me, but that the list is the entity that should be considered to have written the message. For most mailing lists, that seems like the wrong semantics to try to convey. > > There should be a mechanism for an author to send a message to a mailing list, granting the mailing list permission to redistribute that message, and have that permission conveyed to the mailing list recipient such that when the mailing list recipient receives the message, they can assure themselves that the originating domain is OK with that redistribution. Sounds like some protocol which could be written. > > (If the originating domain is expressly *not* OK with the redistribution, the mailing list should bounce the message back to the author saying as much.) That suffers the same problems as X-O-A-R: you have to know when to trust the intermediate. In the absence of that knowledge, any message transformation is invisible to the recipient, and potentially malicious. You would have to invent a scheme for identifying transformations, so users could verify them against the original sender's signature. DMARC has put *ALL* the trust into the From: field. That is very unfortunate, but it seems to be the DMARC peoples' idea of a foolproof, user-visible identifier. Cheers, Sabahattin
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- DMARC: perspectives from a listadmin of large ope… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- RE: DMARC: perspectives from a listadmin of large… Alex Ojeda
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- RE: DMARC: perspectives from a listadmin of large… l.wood
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Mailman 2.1.16 [DMARC: perspectives from a listad… Brian E Carpenter
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: protecting the Internet from DMARC damage, wa… John Levine
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- RE: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Douglas Otis
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: protecting the Internet from DMARC damage, wa… MH Michael Hammer (5304)
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: protecting the Internet from DMARC damage, wa… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: protecting the Internet from DMARC damage, wa… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Let's talk (was: DMARC: perspectives from a lista… S Moonesamy
- (DMARC) Why mailing lists are only sort of special John R Levine
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John R. Levine
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: Let's talk (was: DMARC: perspectives from a l… S Moonesamy
- Re: Let's talk (was: DMARC: perspectives from a l… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: (DMARC) Why mailing lists are only sort of sp… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… tytso
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Mark Andrews
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Martin Rex
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: (DMARC) Why mailing lists are only sort of sp… MH Michael Hammer (5304)
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… Michael Richardson
- Re: (DMARC) Why mailing lists are only sort of sp… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… John Levine
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) How a whitelist would work, was Why m… Yoav Nir
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Brian E Carpenter
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- [off-off-track] Re: (DMARC) We've been here befor… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Alessandro Vesely