Re: (DMARC) Why mailing lists are only sort of special

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 16 April 2014 22:53 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A80B01A0359 for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 15:53:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ritmtODGNHEl for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 15:53:51 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) by ietfa.amsl.com (Postfix) with ESMTP id D33371A023A for <ietf@ietf.org>; Wed, 16 Apr 2014 15:53:50 -0700 (PDT)
Received: by mail-wi0-f182.google.com with SMTP id d1so25480wiv.9 for <ietf@ietf.org>; Wed, 16 Apr 2014 15:53:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mZTu2Y5JA5cxKGcIZVj7g/cqNpq6Ja0wNkqWsmP1eHU=; b=YCAfYOG+fC3rrDVcG9jyP1wiJgPZ1sm+cAvIHPjkWyJFhsGIA5+iizg+bXDMhif8y4 ysbEgiB04NEJ2kiiyDgxqrAldbPK7wAZQ+ZJaL+qzcLHWw/K3Tm2GsKzJOIduKhrjdzO u7VZjcxDFDf2QqAzSYbbCxxNdnzyLUGqFlT6xXLS/1bkjHqLMDjSIK2A1vxn6k9+JkL/ BHaxGfVQjApymyNpJYEd4x6D0gnPryd3JVDELMeCrDUXbDygQBMLw3J661fiXm8Qh4z4 uLZt9XOHfrSkkSnjtfZZOAWKGMNvHNStCLpFO8/eE3cfifhbJ5ImAGnrzKqPOlthDQC6 el1A==
MIME-Version: 1.0
X-Received: by 10.180.106.132 with SMTP id gu4mr8825690wib.26.1397688826282; Wed, 16 Apr 2014 15:53:46 -0700 (PDT)
Received: by 10.180.90.140 with HTTP; Wed, 16 Apr 2014 15:53:46 -0700 (PDT)
In-Reply-To: <alpine.BSF.2.00.1404161654430.2065@joyce.lan>
References: <CE39F90A45FF0C49A1EA229FC9899B0507D45766@USCLES544.agna.amgreetings.com> <20140414214949.32126.qmail@joyce.lan> <CE39F90A45FF0C49A1EA229FC9899B0507D460CB@USCLES544.agna.amgreetings.com> <alpine.BSF.2.00.1404142150430.32657@joyce.lan> <CAL0qLwbPMm_i0fqNSGQPv=xZaiNASy=icsRNudaNJ_3PNtX3Og@mail.gmail.com> <alpine.BSF.2.00.1404151832460.38826@joyce.lan> <CAL0qLwZUptJVw85T2FjB2HRGoOvcOUHKiQXeadM0QE9BsFVM9w@mail.gmail.com> <CAKHUCzxpwS+nR9wRGOzU_83f7XabMr0pwB5x-MHrqM-28r80kw@mail.gmail.com> <CAKHUCzzw9mufrTCOBQOkRrZU6wOM21X8Y=FUEKf=qnzS9VESjA@mail.gmail.com> <alpine.BSF.2.00.1404161654430.2065@joyce.lan>
Date: Wed, 16 Apr 2014 15:53:46 -0700
Message-ID: <CAL0qLwYT_y5ksCP5DpHGXEK084zVg=6HfpJ2B2khkK7jDByZmQ@mail.gmail.com>
Subject: Re: (DMARC) Why mailing lists are only sort of special
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary=e89a8f3babd3ff484b04f730c918
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/9Nd1lCMzH4FKzvgTExrQHMG6XRM
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 22:53:52 -0000

On Wed, Apr 16, 2014 at 1:57 PM, John R Levine <johnl@taugh.com> wrote:

> How do I distinguish the nice mailing lists at ietf.org from random evil
> spammer domains sending spam with List-ID headers?
>
> Every proposal I've seen like this ends up tripping over the fact that
> there is no technical way to distinguish between mail from real mailing
> lists and spam that looks like it's from mailing lists.  Hence you need a
> whitelist for the real mail, at which point all of the mechanism beyond the
> key for the whitelist (probably a DKIM signature) is superfluous.
>

Let's assume for the moment that a whitelist is the only option.  (Pete
made a different suggestion that I haven't read fully yet, for example.)
Do you envision each operator maintaining its own whitelist, or one or more
public registries of them, or something else?

It may be the case that it's the only way, but if so, then someone needs to
write down some how-tos on this as well.  May as well begin to develop that
idea.

-MSK