Re: DMARC: perspectives from a listadmin of large open-source lists

John C Klensin <john-ietf@jck.com> Mon, 14 April 2014 09:15 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8AE51A0297 for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 02:15:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.973
X-Spam-Level:
X-Spam-Status: No, score=-0.973 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s4aJteSvzQG4 for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 02:14:56 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id 5F2171A0106 for <ietf@ietf.org>; Mon, 14 Apr 2014 02:14:56 -0700 (PDT)
Received: from [198.252.137.115] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1WZcyb-0004Y1-I6; Mon, 14 Apr 2014 05:14:53 -0400
Date: Mon, 14 Apr 2014 05:14:48 -0400
From: John C Klensin <john-ietf@jck.com>
To: Doug Barton <dougb@dougbarton.us>, ietf@ietf.org
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
Message-ID: <6C80882F19CCEDFE15E987CA@JcK-HP8200.jck.com>
In-Reply-To: <534B9760.90301@dougbarton.us>
References: <20140414024956.26078.qmail@joyce.lan> <534B524F.4050206@dcrocker.net> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <E0B7196CB2603B80BBEC21AF@JcK-HP8200.jck.com> <alpine.BSF.2.00.1404132346420.26386@joyce.lan> <1EBDF5239EEE5202D3837D25@JcK-HP8200.jck.com> <534B9760.90301@dougbarton.us>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.115
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/3IqG9zOjQdk36tgzakCUyDqnjiE
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 09:15:01 -0000

--On Monday, April 14, 2014 01:08 -0700 Doug Barton
<dougb@dougbarton.us> wrote:

>> But this takes us back to Ned's point (or at least my
>> interpretation of it): it is lots easier to fix a bad DMARC
>> config, ignore restrictive DMARC specifications, or even to
>> abandon DMARC entirely, than it is to believe that we can
>> upgrade every MTA and MUA on the network to start accepting
>> percent hacks, bang paths, or the syntax characters used to
>> denote them, again.  Or any other strange local-part syntax
>> anyone is likely to come up with, e.g., perhaps we could use
>> plus signs, hyphens, or appropriately-escaped backslashes.  Or
>> we could steal "/" and "=" back from X.400 gateways.  Right.
> 
> Well + is out, since that's used by various local filtering
> solutions.

Doug, I think you are missing my, and probably John Levine's,
attempts at humor.   Let me spell it out:

The point was the "+" is used in local filtering and, perhaps
more generally, as subaddresses with all sorts of applications.
Both "%" and "!", along with <@a:x@y>, were, at different points
and gateways to different systems, mail routing mechanisms that
are now sufficiently deprecated and/or rare that many
intermediate MTAs will singly reject or drop messages containing
them.  "/" and "=" were used on the local part of addresses
bound for, or coming from, X.400 gateways and many systems will
reject (or possibly) drop messages with local parts in which
they appear but that don't conform to that gateway syntax...
except that "/" may also designate delivery to a file and "//"
may be a piece of ancient JCL. 

It isn't just the MTAs: Some POP and IMAP client MUAs will trash
this stuff too.  As with the MTAs, using these sorts of trick
conventions without disrupting the existing mail systems,
including those that don't pay any attention to DMARC or DKIM
headers and hence are unaffected by the problem, requires that
everything be upgraded and upgraded more or less on a flag day
basis.  

There is a strong rule in RFC 5321 and its predecessor
forbidding anything but the final delivery system from rewriting
a local-part and it is there precisely because one doesn't know
what sorts of conventions and indicates were begin used there. 

The bottom line is that trying to work around this by a trick
syntax convention is really hard, unlikely to succeed, and quite
likely to result in legitimate messages disappearing and/or
breaking existing conforming systems.  

> But your point is well taken ... the "right" answer may be to
> fix or discard DMARC, I honestly don't know. But in a world
> where DMARC is here to stay, or if not DMARC then some other
> anti-spam solution that breaks mailing list forwarding; and in
> that same world where mailing list traffic is negligible (and
> therefore the cost of breaking mailing lists is in the noise
> compared to the benefits of deploying said anti-spam solution)
> it's incumbent on the mailing list software folks to solve
> this problem.

I'm going to risk more humor and suggest that everyone who
believes that mailing list traffic is negligible and the cost of
breaking them is in the noise should be immediately unsubscribed
from all IETF-related lists, including this one.

best,
    john