Re: Suggestion: can we test DMARC deployment with a mailing list?

"John R Levine" <johnl@taugh.com> Fri, 02 May 2014 22:52 UTC

Date: Fri, 02 May 2014 18:52:05 -0400
Message-ID: <alpine.BSF.2.00.1405021731280.81340@joyce.lan>
From: John R Levine <johnl@taugh.com>
To: "Fred Baker (fred)" <fred@cisco.com>
Subject: Re: Suggestion: can we test DMARC deployment with a mailing list?
In-Reply-To: <E32E56A1-F404-489B-96F5-FCF335BFD57A@cisco.com>
References: <20140502211317.81216.qmail@joyce.lan> <E32E56A1-F404-489B-96F5-FCF335BFD57A@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/6PoLS1n5y5u2hk-lnyCFjxpkFcY
Cc: "ietf@ietf.org" <ietf@ietf.org>

>> We've been running that experiment for at least a year.  Surprise!
>
> Good to hear. Obviously not the area I’m looking at hardest.
>
> If we’re having the level of problems that seem to be being reported in 
> this thread, it would appear that we haven’t learned much from the 
> experiment. I take it that the draft Doug Otis mentions is part of the 
> mitigation discussion.

The problems are occurring at the end points, not at the IETF.  For 
example, aaron@aol.com posts to a list, where one of the subscribers is 
charlie@comcast.net.  The list adds a subject tag and footer, as our lists 
have done since forever, and remails it to Charlie.  Comcast's DMARC 
software observes that this message has an aol.com address in the From: 
line, but didn't come from an AOL IP host (SPF), nor has it a valid aol.com 
DKIM signature, so Comcast bounces it.  This isn't hypothetical; I've seen 
exactly this in my logs.

Before anyone says "why don't we just ...", we've been arguing about this 
for a year, and any technical change to mailing lists won't avoid the 
DMARC problem, or will change the way that lists work, requiring that 
users retrain themselves and their local mail filters.  We didn't create 
this problem, and I don't think it's reasonable to ask us to bear the 
costs of fixing it.

What would work is for the systems that implement DMARC to whitelist 
senders who send legitimate mail that DMARC can't describe.  (Not total 
whitelist, just skip the DMARC bit.)  That could work, if they're willing 
to spend their own money to do it.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
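As an added illustration of the failure John describes above (this is not code from the message, nor from any real DMARC implementation): a Python sketch that uses HMAC as a stand-in for DKIM's RSA signing and evaluates DMARC identifier alignment for the aol.com -> list -> comcast.net hop, including the receiver-side "skip the DMARC bit" whitelist he suggests. The domain keys, IP addresses, the ietf.org list domain and the p=reject policy are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: per-domain signing secrets (HMAC stands in for the
# RSA key a real DKIM selector would publish), SPF-authorized IPs and policies.
DKIM_SECRET = {"aol.com": b"aol-key", "ietf.org": b"ietf-key"}
SPF_IPS = {"aol.com": {"192.0.2.10"}, "ietf.org": {"198.51.100.5"}}
DMARC_POLICY = {"aol.com": "reject"}  # assumed p=reject at the author domain

def _signed_data(msg):
    # Simplified DKIM: cover From, Subject and a body hash, like h= and bh=.
    bh = hashlib.sha256(msg["body"].encode()).hexdigest()
    return f"{msg['From']}|{msg['Subject']}|{bh}".encode()

def dkim_sign(msg, domain):
    tag = hmac.new(DKIM_SECRET[domain], _signed_data(msg), "sha256").hexdigest()
    return {"d": domain, "b": tag}

def dkim_verify(msg, sig):
    expect = hmac.new(DKIM_SECRET[sig["d"]], _signed_data(msg), "sha256").hexdigest()
    return hmac.compare_digest(expect, sig["b"])

def dmarc(msg, sigs, connecting_ip, mailfrom_domain, skip_dmarc_for=()):
    """Receiver-side DMARC: pass if SPF or DKIM passes *and* aligns with From:."""
    from_dom = msg["From"].split("@")[1]
    spf_pass = connecting_ip in SPF_IPS.get(mailfrom_domain, set())
    spf_aligned = spf_pass and mailfrom_domain == from_dom
    dkim_aligned = any(dkim_verify(msg, s) and s["d"] == from_dom for s in sigs)
    if spf_aligned or dkim_aligned:
        return "pass"
    if mailfrom_domain in skip_dmarc_for:
        return "skipped"  # the local whitelist John proposes: not a full bypass
    return DMARC_POLICY.get(from_dom, "none")

def mailing_list_relay(msg, sigs):
    """The list adds a subject tag and footer, breaking aol.com's signature,
    then re-signs as itself; the new signature verifies but does not align."""
    out = dict(msg, Subject="[ietf] " + msg["Subject"],
               body=msg["body"] + "\n-- \nietf mailing list")
    return out, sigs + [dkim_sign(out, "ietf.org")]

ORIGINAL = {"From": "aaron@aol.com", "Subject": "DMARC test", "body": "hello"}

def direct_delivery():  # AOL host sends straight to Comcast
    return dmarc(ORIGINAL, [dkim_sign(ORIGINAL, "aol.com")], "192.0.2.10", "aol.com")

def via_list(whitelist=()):  # list host remails with its own envelope sender
    relayed, sigs = mailing_list_relay(ORIGINAL, [dkim_sign(ORIGINAL, "aol.com")])
    return dmarc(relayed, sigs, "198.51.100.5", "ietf.org", whitelist)
```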