Re: DMARC: perspectives from a listadmin of large open-source lists

Michael Richardson <> Wed, 16 April 2014 12:58 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6F8EC1A0156 for <>; Wed, 16 Apr 2014 05:58:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.163
X-Spam-Status: No, score=-2.163 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id il40KdXt8I-y for <>; Wed, 16 Apr 2014 05:58:28 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 8DD881A0178 for <>; Wed, 16 Apr 2014 05:58:26 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id DF5AE2002C for <>; Wed, 16 Apr 2014 08:58:40 -0400 (EDT)
Received: by (Postfix, from userid 179) id DD22A63ABD; Wed, 16 Apr 2014 08:58:16 -0400 (EDT)
Received: from (localhost []) by (Postfix) with ESMTP id C91F763AA2 for <>; Wed, 16 Apr 2014 08:58:16 -0400 (EDT)
From: Michael Richardson <>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <>
References: <> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <> <alpine.BSF.2.00.1404132346420.26386@joyce.lan> <> <> <> <> <> <> <> <>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Wed, 16 Apr 2014 08:58:16 -0400
Message-ID: <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Apr 2014 12:58:33 -0000

It's clear to me that we need at least a non-WG mailing list for this
*technical* discussion.  Fixing the mailing list problem may require
fundamental changes in how things work; and I think that is okay.
Maybe we could try this NNTP thinkg I've heard about :-)

Pete Resnick <> wrote:
    > a decision on which lists to send to, that's a different thing.) If the
    > originator's site is going to allow that, you could create a mechanism
    > where
    > the originator's site gets some sort of cryptographic data from the
    > mailing list site and include that in its signed message, such that
    > when the eventual

so, what you are saying is that based upon the (SMTP) To: address, the sender
needs a signal that this is a mailing list, and some way to react.
Maybe this could be combined with various SMTP DANE mechanisms, or at least,
maybe "Additional RR" could return that kind of information.

I think that there are a whole bunch of architectually important things
here.  The signal has to come early enough to either modify the DKIM process,
or if the signal comes rather late (such as during SMTP delivery), then it
needs to be possible to redo the DKIM process.  I think that this will be
challenging for many large installations where there are multiple layers of
outgoing SMTP delivery machines, and DKIM is just a stage in the process.

But, I don't think it is impossible.
Consider all the other meta info that could be stored along with the "I am a
list" signal... things like how to subscribe, unsubscribe, location of
archive, etc.

Imagine if that signal also changed the protocol from SMTP to NNRP POST?

    > And again, this is only if the originator indicates that it *wants* to
    > allow its users to have their mail redistributed. The site is well
    > within rights to ndicate that it doesn't want that to happen, and a
    > friendly mailing list would bounce the mail in that case.

Running code.  we need someone to fund and participate in an experiment.
 (cf: other thread about not participating in SDOs anymore)

Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-