Re: DMARC: perspectives from a listadmin of large open-source lists
Hector Santos <hsantos@isdg.net> Tue, 08 April 2014 18:30 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64A431A0699 for <ietf@ietfa.amsl.com>; Tue, 8 Apr 2014 11:30:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.301
X-Spam-Level:
X-Spam-Status: No, score=-99.301 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQHpHCrks_LM for <ietf@ietfa.amsl.com>; Tue, 8 Apr 2014 11:29:53 -0700 (PDT)
Received: from secure.winserver.com (winserver.com [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id 7DD5D1A068B for <ietf@ietf.org>; Tue, 8 Apr 2014 11:29:52 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=6404; t=1396981789; h=Received:Received: Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=wQqvGVhxCoI+uZDFXXtGUvXxBi4=; b=TrOCWuis3LiSqHVmy3yO k5aC0d4f8z8gVNflcpooxGAqWEREudn25dTsZ6BApBX1x9PZ2uq04OL7Y+VpNq0v sOgJrFrtFloCV6h9pkjSw/Lp/TVr/F6nkkW5XT+jd9vWJmi1wsD0DzlqSrCMIbBm 1cpPWvp59uOpdh6/jlJuwm0=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Tue, 08 Apr 2014 14:29:49 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com (hector.wildcatblog.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 90372907.3.3644; Tue, 08 Apr 2014 14:29:48 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=6404; t=1396981736; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=FC37Ay5 EXj1Q+5ueJJJbtCQIgVOzUGLSk5h5W3/ioVs=; b=ja/hnGEG9z30x52I4LIlqO8 jWwhNLCMc6vok5rxexOG4FedZOiTpOT9kyldTrb5MHpJA+uDOSmEXyY5szZl+yEg pnHqQZc5me54ndf+ejLbib6+BKcPrnqOhm5EjGSp28s2gTq8oVSpPSt8O2gN0eIJ /jq+dHlfUrfW8AV7BUOc=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Tue, 08 Apr 2014 14:28:56 -0400
Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 109911515.9.2380; Tue, 08 Apr 2014 14:28:54 -0400
Message-ID: <5344401C.2050602@isdg.net>
Date: Tue, 08 Apr 2014 14:29:48 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: "Robin H. Johnson" <robbat2@gentoo.org>, Sabahattin Gucukoglu <listsebby@me.com>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <robbat2-20140408T031810-279861577Z@orbis-terrarum.net> <alpine.BSF.2.00.1404072357400.73388@joyce.lan> <E2D6EA08-144D-4DB3-ABFC-6F98AF3C588F@me.com> <robbat2-20140408T051158-246173691Z@orbis-terrarum.net>
In-Reply-To: <robbat2-20140408T051158-246173691Z@orbis-terrarum.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/Btqyzvdqgx-T5fIZRHEnizwtKqM
Cc: IETF general list <ietf@ietf.org>, zwicky@yahoo-inc.com
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 18:30:00 -0000
By far, the list REPLY-TO feature benefited the layman list user inability to figure it out how to reply back to the list by manipulating header input fields with the lack of MUA support for a 3rd reply button: REPLY REPLY TO ALL REPLY TO LIST <--- NEW With greater support for LIST-* headers, the MUA can now add the 3rd button and the default, natural "reply" action to reply back to the list. Without it, most layman and even "lazy" veterans can mistakenly and naturally click that "reply" button only to unintentionally go directly and not to the groupware discussion area A.K.A "mailing list." You have to look at it from the perspective of the UI ERGONOMICS and the support process why it even existed. That said, it is not natural to TAMPER with mail, especially of the body text, but including headers that were not created by the middle ware. However, there has been a historical school of though that mailing list server/agent was acting as a NEW MAIL AUTHOR. I didn't think it was 100% kolsher, but it was a rationale for the technical justification to tamper with mail; list software is really a "new author" therefore it has "right" to tamper with mail. I didn't generally agree with this, but even our own (commercial) Mailing List Server does manipulate the headers in principle to improve communications, and of recent as an option to improve DKIM resigning logical "faults." Improving the communications included: - Prepare the BOUNCE, ERROR address. Different remote Bouncing software behave differently in how or where they get the bounce or error address. So this one reason you will have redundancy, changes in error addresses; Sender:, Errors-To: to target all forms. - Minimizing mistakes, making it easy for the USER to have a "natural" reply back to the list by adjusting the Reply-To header. By far, the preferred intention is to reply back to the list. Newer MUA with list-* header and "REPLY TO LIST" reduces the new to set or strip & replace the reply-to field. There was also major concerns with DKIM tampering with originality. It will be an injustice to try to cover, go over all that again here. Finally, this whole discussion about DMARC is all deja-vu and surreal too that the OP is concern now when DKIM with SSP or ADSP had the same problems and DMARC does not resolve it. He knows that. So I see this as a marketing effort to push something that clearly will not work for the same reasons ADSP did not. Its no different. In principle, we will always have the same problems with LIST software because of the mindset and rationale that the middle ware is a "new author" and therefore does not have to respect any SECURITY POLICY controls by the originating, authoring, copyright holding domain. It was a clear case of intentional ignorance (don't recognize ADSP, make it historic) and tampering of a email security control. It was the reason the powerful concept of SSP/ADSP did not get the wider MARKETING endorsement it deserved. The main hurdle was with LIST systems. The same problem will be with DMARC. There is nothing that DMARC can do to change that except perhaps advocate (and document) stronger middle ware controls to properly follow these security controls. But you can't have this when DKIM was revised to be based on a futuristic, never materializing 3rd party signer control system that is consistent and persistent from point to point, end to end, pretty much like the SSL/BROWSER market with each browser supporting the same 3rd party signature framework. We can not repeat this in the mail system -- too many vendors to begin with. With browsers, there were only a few you had to deal with. We knew all this list problem in DKIM 101. It was part of the original charter that any idea to make it work would be secondary to the primary purpose of gaining stronger direct domain security controls. DKIM and ASDP were part of the original standard track charter. It made perfect engineering sense. But that seem to change by the "big" list operators who felt that DKIM needs be a 3rd PARTY signer control framework with less recognition to the original author. SSP which has 3rd party controls was reduced to ADSP that allowed for a secured 1st party control. But that still would not work with LIST system unless these middle ware routers supports the 1st party controls too. It was too easy to see that it won't work. Not thru LIST systems without 100% advocated support for honoring these new domain security protocol policies. Instead, it is documented in DKIM related RFCs that its OK to tamper with mail as long it was resigned with "trusted" 3rd party signing domains. The theory is that if the receivers also had a table of the same 3rd party Trusted signers, then it would resolve the broken chain of trusted mail problem. We can't have it both ways. --- HLS On 4/8/2014 1:16 AM, Robin H. Johnson wrote: > On Tue, Apr 08, 2014 at 06:06:27AM +0100, Sabahattin Gucukoglu wrote: >> On 8 Apr 2014, at 05:21, John R Levine <johnl@taugh.com> wrote: >>> Mailing list apps can't "implement DMARC" other than by getting rid >>> of every feature that makes lists more functional than simple >>> forwarders. Given that we haven't done so for any of the previous >>> FUSSPs that didn't contemplate mailing lists, because those features >>> are useful to our users, it seems unlikely we'll do so now. >> Well, Mailman 2.1.16 has the FROM_IS_LIST feature that "Fixes" the >> problem by putting the list address in the From: field. That seems to >> work, except that you lose information (the sender's address) if the >> list wants to operate a policy of "Reply goes to list". You can then >> assure that DKIM signatures are valid and set up SPF, etc. This also >> has the effect of letting you operate through the various cloud email >> platforms that try to validate sender addresses. > This breaks the ability to reply directly to the sender when the > response should NOT be on the list, as well as the ability to put a > sender in a personal killfile. > > And don't start on suggesting Reply-To instead, RFC 2822 already > noted that it should be set by the author, not the list software [1]. > > [1] http://marc.merlins.org/netrants/listreplyto.html List Reply-To > considered harmful. >
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- DMARC: perspectives from a listadmin of large ope… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- RE: DMARC: perspectives from a listadmin of large… Alex Ojeda
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- RE: DMARC: perspectives from a listadmin of large… l.wood
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Mailman 2.1.16 [DMARC: perspectives from a listad… Brian E Carpenter
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: protecting the Internet from DMARC damage, wa… John Levine
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- RE: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Douglas Otis
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: protecting the Internet from DMARC damage, wa… MH Michael Hammer (5304)
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: protecting the Internet from DMARC damage, wa… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: protecting the Internet from DMARC damage, wa… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Let's talk (was: DMARC: perspectives from a lista… S Moonesamy
- (DMARC) Why mailing lists are only sort of special John R Levine
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John R. Levine
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: Let's talk (was: DMARC: perspectives from a l… S Moonesamy
- Re: Let's talk (was: DMARC: perspectives from a l… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: (DMARC) Why mailing lists are only sort of sp… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… tytso
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Mark Andrews
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Martin Rex
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: (DMARC) Why mailing lists are only sort of sp… MH Michael Hammer (5304)
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… Michael Richardson
- Re: (DMARC) Why mailing lists are only sort of sp… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… John Levine
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) How a whitelist would work, was Why m… Yoav Nir
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Brian E Carpenter
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- [off-off-track] Re: (DMARC) We've been here befor… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Alessandro Vesely