Re: [dmarc-ietf] IETF Mailing Lists and DMARC
Franck Martin <franck@peachymango.org> Fri, 04 November 2016 00:00 UTC
Return-Path: <franck@peachymango.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9A9C12941A; Thu, 3 Nov 2016 17:00:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=peachymango.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYGIANSl6tVT; Thu, 3 Nov 2016 17:00:46 -0700 (PDT)
Received: from zmcc-5-mx.zmailcloud.com (zmcc-5-mx.zmailcloud.com [192.198.93.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8293E12711D; Thu, 3 Nov 2016 17:00:46 -0700 (PDT)
Received: from zmcc-5-mta-1.zmailcloud.com (127.37.197.104.bc.googleusercontent.com [104.197.37.127]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by zmcc-5-mx.zmailcloud.com (Postfix) with ESMTPS id 9BFA6520257; Thu, 3 Nov 2016 20:00:45 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by zmcc-5-mta-1.zmailcloud.com (Postfix) with ESMTP id 411EBC271B; Thu, 3 Nov 2016 19:00:45 -0500 (CDT)
Received: from zmcc-5-mta-1.zmailcloud.com ([127.0.0.1]) by localhost (zmcc-5-mta-1.zmailcloud.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id kHObG-XnNjcF; Thu, 3 Nov 2016 19:00:44 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by zmcc-5-mta-1.zmailcloud.com (Postfix) with ESMTP id 1F358C276B; Thu, 3 Nov 2016 19:00:44 -0500 (CDT)
DKIM-Filter: OpenDKIM Filter v2.9.2 zmcc-5-mta-1.zmailcloud.com 1F358C276B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=peachymango.org; s=61F775A4-4A7F-11E4-A6BB-61E3068E35F6; t=1478217644; bh=SUcpgc7//0FqY8yucnRvLjaKX/mrPMVpeTQSq89wy+M=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type; b=hTXJeWtUtL6iejhK7y3GKrDDa8B+y/GismYXnLBdbkcVhW1RdYgPEc/aHcRxBALTD 0fW3/n7HTOOSjT+0SWjdtN2sDKVRXRsT4etHacxZXhjVAwGEsSP7VCnuUPSm9zX2sD lBRtEmJdGJgURx0U1W59LZv3g0lp80baQ9TIDySM=
X-Virus-Scanned: amavisd-new at zmcc-5-mta-1.zmailcloud.com
Received: from zmcc-5-mta-1.zmailcloud.com ([127.0.0.1]) by localhost (zmcc-5-mta-1.zmailcloud.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 1yjrF3m-SyPK; Thu, 3 Nov 2016 19:00:43 -0500 (CDT)
Received: from zmcc-5-mailbox-1.zmailcloud.com (zmcc-5-mailbox-1.zmailcloud.com [10.240.0.12]) by zmcc-5-mta-1.zmailcloud.com (Postfix) with ESMTP id EA3F4C272F; Thu, 3 Nov 2016 19:00:43 -0500 (CDT)
Date: Thu, 03 Nov 2016 19:00:43 -0500
From: Franck Martin <franck@peachymango.org>
To: Brandon Long <blong@google.com>
Message-ID: <175424623.13029094.1478217643737.JavaMail.zimbra@peachymango.org>
In-Reply-To: <WM!7d7bfd656418b4acfc48955aaa17b9e2d29c83392506f8f0281357915e8500c55668661064258127d5cc542862058785!@mailstronghold-2.zmailcloud.com>
References: <678C2FBA-A661-4556-A300-5C08562B5F8A@iii.ca> <29429.1478113235@obiwan.sandelman.ca> <CABa8R6vHdt75NFKW3s6xOzLcq=jmVAHDPX0tjLRdGpYSTP2cYA@mail.gmail.com> <5c0220dd-20b6-5e8e-fe9c-b402675cc559@gmail.com> <CABa8R6vTX=agyoUsUMXqS11R8eUC-shosb09CT=h0h1i1C5kmA@mail.gmail.com> <WM!7d7bfd656418b4acfc48955aaa17b9e2d29c83392506f8f0281357915e8500c55668661064258127d5cc542862058785!@mailstronghold-2.zmailcloud.com>
Subject: Re: [dmarc-ietf] IETF Mailing Lists and DMARC
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_13029093_456305042.1478217643736"
X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - FF49 (Mac)/8.6.0_GA_1194)
Thread-Topic: IETF Mailing Lists and DMARC
Thread-Index: dhvwG3sEKAiPZaBvwC7Vv0e12GIgew==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/5CPVOlB0SWLjG81s-jTeYlN0LGM>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, dmarc@ietf.org, Cullen Jennings <fluffy@iii.ca>, IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2016 00:00:49 -0000
> From: "Brandon Long" <blong@google.com> > To: "Brian E Carpenter" <brian.e.carpenter@gmail.com> > Cc: "Michael Richardson" <mcr+ietf@sandelman.ca>, dmarc@ietf.org, "IETF" > <ietf@ietf.org>, "Cullen Jennings" <fluffy@iii.ca> > Sent: Thursday, November 3, 2016 3:39:22 PM > Subject: Re: [dmarc-ietf] IETF Mailing Lists and DMARC > On Wed, Nov 2, 2016 at 3:19 PM, Brian E Carpenter < brian.e.carpenter@gmail.com > > wrote: >> On 03/11/2016 10:58, Brandon Long wrote: >> > With the understanding that my email is unlikely to be received by some of >> > those having issues... >> > Let us assume that those who specify p=REJECT have a good reason for doing >> > so, and that after 2-3 years, they are unlikely to change back. >> > Let us also assume that the members of these organizations who are >> > participating in IETF may or may not have any power over whether their >> > admins have decided to be p=REJECT. >> > And let us assume that we want these folks to participate in IETF. >> Let me stop you right there. Yes, we want everybody to be free to >> participate in the IETF, and presumably those people want to participate >> in the IETF. But participants have to be able to use the tools that the >> IETF has chosen, which includes mailing lists. That's always been true. >> (In 1992, when I started in the IETF, it meant knowing how to subscribe >> to a majordomo list. Today, subscribing is a bit easier, but it means >> avoiding the DMARC trap.) >> So such participants need to use an email sending address that works >> with IETF mailing lists. >> yahoo.com and google.com don't work properly with IETF mailing lists. >> Fortunately, very fine alternatives are available, such as gmail.com . >> (gmail's spam learning is even smart enough to work around p=reject, >> as it did for this very message that I'm replying too.) >> I think Michael Richardson made a very valid point. If our mailing >> list software detects a sender whose domain has p=reject, we *know* >> that the forwarded message will fail DMARC validation. So there's a >> strong case for rejecting the message immediately, so that the sender >> can be told about the problem and can choose a different sending address. >> Presumably, we'd only need to do this until ARC is deployable. > If enforcement of DMARC was universal (or nearly so), sure. Except, it's not. > As you said, Gmail didn't enforce it in this instance. > Rejecting the messages is definitely an option. As stated down thread, I > wouldn't > think it's the best choice for the members. Politics of exclusion are easy but usually do not go far... us vs them is never a long term option. but I'd like to point to a new problem surfacing as security is shifting with DMARC: impersonation on mailing lists. Several large lists have been recently caught by email impersonating list members. Was it successful enough for the miscreant? Will we see more in the future? Do lists need to check DMARC on incoming mail and apply policy? Do they need to do more than DMARC and authenticate the poster?
- Re: IETF Mailing Lists and DMARC Dave Crocker
- IETF Mailing Lists and DMARC Cullen Jennings
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC John Levine
- RE: IETF Mailing Lists and DMARC MH Michael Hammer (5304)
- RE: IETF Mailing Lists and DMARC John R Levine
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC Dave Crocker
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Paul Hoffman
- Re: IETF Mailing Lists and DMARC John C Klensin
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Michael Richardson
- Re: IETF Mailing Lists and DMARC Yoav Nir
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Yoav Nir
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Hector Santos
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Dave Crocker
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: IETF Mailing Lists and DMARC Cullen Jennings
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Cullen Jennings
- Re: IETF Mailing Lists and DMARC S Moonesamy
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brian E Carpenter
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC John Levine
- Identification of an email author (was - Re: [dma… Dave Crocker
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Terry Zink
- Re: IETF Mailing Lists and DMARC John Levine
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- Next step on IETF Mailing Lists and DMARC Alexey Melnikov
- Re: IETF Mailing Lists and DMARC Bob Hinden
- RE: IETF Mailing Lists and DMARC MH Michael Hammer (5304)
- Re: IETF Mailing Lists and DMARC Ted Lemon
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Terry Zink
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Steve Atkins
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- Options for temporary operational solution to DMA… Ted Lemon
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: [dmarc-ietf] Identification of an email autho… Brandon Long
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Franck Martin
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Hector Santos
- Re: Options for temporary operational solution to… Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC John C Klensin
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC John C Klensin
- Re: Options for temporary operational solution to… John Leslie
- RE: [dmarc-ietf] Identification of an email autho… Terry Zink
- Re: Options for temporary operational solution to… Toerless Eckert
- Re: [dmarc-ietf] Identification of an email autho… Ted Lemon
- Re: Options for temporary operational solution to… John Levine
- RE: [dmarc-ietf] Identification of an email autho… Terry Zink
- Re: Options for temporary operational solution to… Ted Lemon
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Christian Huitema
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brian E Carpenter
- Re: Options for temporary operational solution to… Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: Options for temporary operational solution to… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… Franck Martin
- Re: [dmarc-ietf] Identification of an email autho… Khaled Omar
- Re: [dmarc-ietf] Identification of an email autho… S Moonesamy
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… ned+ietf
- Re: [dmarc-ietf] Identification of an email autho… Franck Martin
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… John C Klensin
- Re: [dmarc-ietf] Identification of an email autho… Brandon Long