Re: DMARC: perspectives from a listadmin of large open-source lists

"John Levine" <johnl@taugh.com> Mon, 14 April 2014 02:50 UTC

Date: 14 Apr 2014 02:49:56 -0000
Message-ID: <20140414024956.26078.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <534B40F8.1000808@dougbarton.us>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/4RrgLq_tmlPmA2b-E6POqOls4k4

>Meanwhile, I'm still not proposing that we train users, or even 
>anti-spam software to "recognize" or "validate" mailing list addresses. 
>What I'm proposing is a way to send mail from a list with From: 
>@domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the 
>left side of the @ sign to identify the actual sender of the message.

Yes, that's the 1980s percent hack.  Do you really think it's a good
idea to reinvent it to get around the defects of the FUSSP du jour?

I agree that it's not plausible to train people to recognize mailing
list addresses.  But what you're proposing is to train people to be
phished, by telling them that a rewritten address from something that
looks sort of like a mailing list is equivalent to whatever the
original address was.  Given that DMARC is supposed to be an
anti-phishing tool, this completely defeats the point.

R's,
John
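
The exchange above, as an added example that is not part of the original message: a list rewrites From: percent-hack style so the message aligns with the list's own domain, and the DMARC identifier check then says nothing about the author encoded in the local part. The `user%host@list` encoding, all function names and the `.example` domains are assumptions made for illustration, and alignment is checked in strict mode (exact domain match) to avoid needing a public suffix list.

```python
from email.utils import parseaddr, formataddr


def percent_rewrite(from_header, list_domain):
    """Rewrite 'Name <user@host>' to 'Name <user%host@list_domain>'."""
    name, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    return formataddr((name, f"{local}%{domain}@{list_domain}"))


def dmarc_aligned(from_header, dkim_pass_domains, spf_pass_domain=None):
    """Strict DMARC identifier alignment: the From: domain must equal a
    domain that passed DKIM (d=) or SPF (envelope sender domain).
    Only the domain is evaluated; the local part plays no role."""
    _, addr = parseaddr(from_header)
    from_domain = addr.rpartition("@")[2].lower()
    authenticated = {d.lower() for d in dkim_pass_domains}
    if spf_pass_domain:
        authenticated.add(spf_pass_domain.lower())
    return from_domain in authenticated


def claimed_author(rewritten_from):
    """Decode the author a reader is asked to trust; None if not encoded."""
    _, addr = parseaddr(rewritten_from)
    user, sep, host = addr.rpartition("@")[0].rpartition("%")
    return f"{user}@{host}" if sep else None


# Constructed scenario: the list altered the message, so the author's own
# DKIM signature no longer verifies; only the list's signature and SPF pass.
LIST = "list.example"
ORIGINAL = "Alice <alice@author.example>"
REWRITTEN = percent_rewrite(ORIGINAL, LIST)

if __name__ == "__main__":
    for hdr in (ORIGINAL, REWRITTEN):
        print(f"{hdr!r:50} aligned={dmarc_aligned(hdr, [LIST], LIST)} "
              f"claimed={claimed_author(hdr)}")
```

The rewritten header passes because `list.example` authenticated itself; the `alice@author.example` recovered from the local part was never checked by SPF, DKIM or DMARC.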