Re: [dmarc-ietf] IETF Mailing Lists and DMARC

Franck Martin <franck@peachymango.org> Fri, 04 November 2016 00:00 UTC

Date: Thu, 03 Nov 2016 19:00:43 -0500
From: Franck Martin <franck@peachymango.org>
To: Brandon Long <blong@google.com>
Subject: Re: [dmarc-ietf] IETF Mailing Lists and DMARC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/5CPVOlB0SWLjG81s-jTeYlN0LGM>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, dmarc@ietf.org, Cullen Jennings <fluffy@iii.ca>, IETF <ietf@ietf.org>

> From: "Brandon Long" <blong@google.com>
> To: "Brian E Carpenter" <brian.e.carpenter@gmail.com>
> Cc: "Michael Richardson" <mcr+ietf@sandelman.ca>, dmarc@ietf.org, "IETF"
> <ietf@ietf.org>, "Cullen Jennings" <fluffy@iii.ca>
> Sent: Thursday, November 3, 2016 3:39:22 PM
> Subject: Re: [dmarc-ietf] IETF Mailing Lists and DMARC

> On Wed, Nov 2, 2016 at 3:19 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

>> On 03/11/2016 10:58, Brandon Long wrote:
>> > With the understanding that my email is unlikely to be received by some of
>> > those having issues...

>> > Let us assume that those who specify p=REJECT have a good reason for doing
>> > so, and that after 2-3 years, they are unlikely to change back.

>> > Let us also assume that the members of these organizations who are
>> > participating in IETF may or may not have any power over whether their
>> > admins have decided to be p=REJECT.

>> > And let us assume that we want these folks to participate in IETF.

>> Let me stop you right there. Yes, we want everybody to be free to
>> participate in the IETF, and presumably those people want to participate
>> in the IETF. But participants have to be able to use the tools that the
>> IETF has chosen, which includes mailing lists. That's always been true.
>> (In 1992, when I started in the IETF, it meant knowing how to subscribe
>> to a majordomo list. Today, subscribing is a bit easier, but it means
>> avoiding the DMARC trap.)

>> So such participants need to use an email sending address that works
>> with IETF mailing lists.

>> yahoo.com and google.com don't work properly with IETF mailing lists.
>> Fortunately, very fine alternatives are available, such as gmail.com.
>> (gmail's spam learning is even smart enough to work around p=reject,
>> as it did for this very message that I'm replying to.)

>> I think Michael Richardson made a very valid point. If our mailing
>> list software detects a sender whose domain has p=reject, we *know*
>> that the forwarded message will fail DMARC validation. So there's a
>> strong case for rejecting the message immediately, so that the sender
>> can be told about the problem and can choose a different sending address.
>> Presumably, we'd only need to do this until ARC is deployable.

> If enforcement of DMARC was universal (or nearly so), sure. Except, it's not.
> As you said, Gmail didn't enforce it in this instance.

> Rejecting the messages is definitely an option. As stated down thread, I
> wouldn't think it's the best choice for the members.

Politics of exclusion are easy but usually do not go far... us vs them is never a long-term option.

But I'd like to point to a new problem surfacing as security is shifting with DMARC: impersonation on mailing lists.

Several large lists have been recently caught by email impersonating list members. 

Was it successful enough for the miscreant? Will we see more in the future? 

Do lists need to check DMARC on incoming mail and apply policy? Do they need to do more than DMARC and authenticate the poster?
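
The two list-side checks raised in this thread (refusing posts from p=reject domains at submission, and applying DMARC to incoming posts), sketched as an added example that is not part of the original message or of any list software. The domains, the `lists.example` authserv-id, the function names and the `DMARC_TXT` table (standing in for DNS lookups of `_dmarc.<domain>`, exact domain only, no organizational-domain fallback) are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed DMARC TXT records; a real list would query _dmarc.<domain> in DNS.
DMARC_TXT = {
    "strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "relaxed.example": "v=DMARC1; p=none",
}

def dmarc_policy(domain, records=DMARC_TXT):
    """Return the p= value published by the domain, or None if no DMARC record."""
    tags = {}
    for part in records.get(domain.lower(), "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None

def inbound_dmarc(msg, authserv_id="lists.example"):
    """Read the dmarc= result, trusting only headers stamped by our own MTA."""
    for header in msg.get_all("Authentication-Results", []):
        fields = [f.strip() for f in header.split(";")]
        if (fields[0].split() or [""])[0].lower() != authserv_id:
            continue  # added upstream or forged by the sender: ignore
        for field in fields[1:]:
            match = re.match(r"dmarc=(\w+)", field)
            if match:
                return match.group(1).lower()
    return "none"

def list_decision(raw_message):
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    policy, result = dmarc_policy(domain), inbound_dmarc(msg)
    # Inbound check: an enforcing domain whose post fails DMARC is a likely
    # impersonation of a list member, so it never reaches the list.
    if policy in ("reject", "quarantine") and result != "pass":
        return "reject-inbound-fail"
    # Submission check: a genuine post from a p=reject domain would fail DMARC
    # after the list modifies and forwards it, so tell the sender right away.
    if policy == "reject":
        return "refuse-p-reject"
    return "accept"

def sample(from_addr, auth_results):
    """Build a constructed test message with the given From and A-R headers."""
    return (f"From: {from_addr}\nAuthentication-Results: {auth_results}\n"
            "Subject: test\n\nbody\n")
```
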