Re: (DMARC) We've been here before, was Why mailing lists
"John R Levine" <johnl@taugh.com> Thu, 17 April 2014 04:03 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F370E1A044B for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 21:03:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.357
X-Spam-Level:
X-Spam-Status: No, score=-0.357 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mlUA00so0dWa for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 21:03:06 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) by ietfa.amsl.com (Postfix) with ESMTP id D6D361A043C for <ietf@ietf.org>; Wed, 16 Apr 2014 21:03:05 -0700 (PDT)
Received: (qmail 74483 invoked from network); 17 Apr 2014 04:03:01 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=122f2.534f5275.k1404; bh=yLi4j+k3OfhF8KlKUNAKZ1gxQtyszGwUoij3uPqbriY=; b=Ygmou+v4tJw61L134vV4TTr7FGqk8psHLyQkcXF42X7FcZHJ5eQX0FTavgZKXeUDA0M6frgIGJLIW9uUscI02LA7GIQ99QHJwZJ7H3415IYOM5BE/bn110V29R16fk+sDgZoqX5T6ksCkjb/a3S6OIIufaujQehXnh9SrydU6HLOf4VJmE5d3Zk2z7uhHGaW75IvgvnnunIX91e4ldbEIx1A2RmkMFPFZZyCKHlY8OQiXMHsXhcnMfQ8V0BQlcNB
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=122f2.534f5275.k1404; bh=yLi4j+k3OfhF8KlKUNAKZ1gxQtyszGwUoij3uPqbriY=; b=34/7thQHwqjBy6RQUNgXDb8G2HZcgfbXhTTfIAEz0hA0/7h1+q5FAP4xjzAoBm9SetGczdJpI66jUO8jEb4+NHS7l5OrM7/pmaOm4JWktoPiUV1kCStL71FloARKVl3rpL1ZrHkCebFjcbCSbx4PvAn/dqAsYOmWS2Gz4f+YcCRy+6lT6nIuWkK2dMyAIvLtzJynqJrsOGMQotrKQzocByukmEczoTZ8wi2Js1ngvTYKp1I8acR+yoJrEO3XrocI
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 17 Apr 2014 04:03:01 -0000
Date: Thu, 17 Apr 2014 00:03:00 -0400
Message-ID: <alpine.BSF.2.00.1404162346400.2194@joyce.lan>
From: John R Levine <johnl@taugh.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Subject: Re: (DMARC) We've been here before, was Why mailing lists
In-Reply-To: <534F1183.6060702@qti.qualcomm.com>
References: <CE39F90A45FF0C49A1EA229FC9899B0507D45766@USCLES544.agna.amgreetings.com> <20140414214949.32126.qmail@joyce.lan> <CE39F90A45FF0C49A1EA229FC9899B0507D460CB@USCLES544.agna.amgreetings.com> <alpine.BSF.2.00.1404142150430.32657@joyce.lan> <CAL0qLwbPMm_i0fqNSGQPv=xZaiNASy=icsRNudaNJ_3PNtX3Og@mail.gmail.com> <alpine.BSF.2.00.1404151832460.38826@joyce.lan> <CAL0qLwZUptJVw85T2FjB2HRGoOvcOUHKiQXeadM0QE9BsFVM9w@mail.gmail.com> <CAKHUCzxpwS+nR9wRGOzU_83f7XabMr0pwB5x-MHrqM-28r80kw@mail.gmail.com> <CAKHUCzzw9mufrTCOBQOkRrZU6wOM21X8Y=FUEKf=qnzS9VESjA@mail.gmail.com> <alpine.BSF.2.00.1404161654430.2065@joyce.lan> <534F1183.6060702@qti.qualcomm.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: MULTIPART/signed; protocol="application/pkcs7-signature"; micalg="sha1"; BOUNDARY="3825401791-506175694-1397707381=:2194"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/C6iwUEt3ZSHJQ_q_d1Em5yJ8_I4
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 04:03:11 -0000
> The originator (well, more to the point, the originator's mail server) > doesn't need a signal that it's a mailing list; it's simply that the > destination makes an "if I forward the mail, I'll be including this" piece of > data available, and the originator's server can then include that in the > signature of the message. I was thinking this could be in some special kind > of DMARC (or whatever) record that lived in the mailing list's domain and > could be queried by the originator's server. We argued at great length about this issue when we were doing DKIM. The magic token has to be cryptographically tied to the contents of the original message, or bad guys can take the token from a real message and replace the body with spam. So that means a token tied to a hash of the contents of the message which is, of course, a DKIM signature. This scheme is equivalent to requiring that lists preserve DKIM signatures, which they don't. Every attempt to create a signing scheme that is flexible enough to deal with all the routine stuff that lists do (e.g., reorder, discard, or flatten MIME parts while adding the usual subject tags and body footers) while being robust enough to prevent bad guys from replacing the message with spam has completely failed. We can try again, but I don't see any reason to think that the result would be any different. Hence you can only accept mutated messages from sources you trust, i.e., a whitelist, and once you have a whitelist, you might as well just deliver the whitelisted mail. Maybe I'm missing something here, but we've gone around this barn an awful lot of times over the past decade and always ended up in the same place. R's, John
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- DMARC: perspectives from a listadmin of large ope… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- RE: DMARC: perspectives from a listadmin of large… Alex Ojeda
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- RE: DMARC: perspectives from a listadmin of large… l.wood
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Mailman 2.1.16 [DMARC: perspectives from a listad… Brian E Carpenter
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: protecting the Internet from DMARC damage, wa… John Levine
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- RE: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Douglas Otis
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: protecting the Internet from DMARC damage, wa… MH Michael Hammer (5304)
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: protecting the Internet from DMARC damage, wa… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: protecting the Internet from DMARC damage, wa… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Let's talk (was: DMARC: perspectives from a lista… S Moonesamy
- (DMARC) Why mailing lists are only sort of special John R Levine
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John R. Levine
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: Let's talk (was: DMARC: perspectives from a l… S Moonesamy
- Re: Let's talk (was: DMARC: perspectives from a l… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: (DMARC) Why mailing lists are only sort of sp… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… tytso
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Mark Andrews
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Martin Rex
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: (DMARC) Why mailing lists are only sort of sp… MH Michael Hammer (5304)
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… Michael Richardson
- Re: (DMARC) Why mailing lists are only sort of sp… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… John Levine
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) How a whitelist would work, was Why m… Yoav Nir
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Brian E Carpenter
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- [off-off-track] Re: (DMARC) We've been here befor… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Alessandro Vesely