Re: Mailman 2.1.16 [DMARC: perspectives from a listadmin of large open-source lists

"John Levine" <johnl@taugh.com> Mon, 14 April 2014 22:00 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A79BA1A0473 for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 15:00:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.542
X-Spam-Level: *
X-Spam-Status: No, score=1.542 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7I6kak7CKpxG for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 15:00:43 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) by ietfa.amsl.com (Postfix) with ESMTP id AB7AC1A0230 for <ietf@ietf.org>; Mon, 14 Apr 2014 15:00:42 -0700 (PDT)
Received: (qmail 56834 invoked from network); 14 Apr 2014 22:00:39 -0000
Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 14 Apr 2014 22:00:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=7db4.534c5a87.k1404; i=johnl@user.iecc.com; bh=jWKZoNALYtlcp1eu1eG8Lib8+UsdzgQSF9LFPPRbMQY=; b=Zk2xq+d5K6f4F+TZWoNw2scuqG7f3dpGasSR/DPVI20IAULEgZ0SzykFwS0UJZvMaEYkx5d8Id8/RNEiNwCWM9ueXT/Xuw2qAg66ZNypdZNZSzvWw6f/fMeKp+J2qMn5Tv1zP00HVKqXxlbxGN4u7OWapOkx9WMukgiSME7XTNys9Dth+R87NfH+gM6m2tNFTkBRxngRfGKbjzMsdnCgKNW0v2ghR5AvDj0fXs0su3t5GlJ56RDl9WVAhH6R4uuF
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=7db4.534c5a87.k1404; olt=johnl@user.iecc.com; bh=jWKZoNALYtlcp1eu1eG8Lib8+UsdzgQSF9LFPPRbMQY=; b=o9fj5D8JEYTGQ5tn3OQ7IWZywY5YSJwmGhg5s8pSKWCFr/HusmKgV+0LNO8NJbgpxs+b/VSMi4fXP8noEDQ0AyguWuFC60LOeaDaqgLZJV0qPunY/wq50cat0XyQWfWFjmacWr5hD7HM2vqktDQ7C7FX5Zlhbr7NZbdgNMNZ9cNgan0gjQ1CvLPO/B8vGlj/QrIsH99rvvCGanP/1O7mK3uPkeqqq60HtuaNaA2FcJ31X+hG9xchRsFBRRyu9gw0
Date: 14 Apr 2014 22:00:17 -0000
Message-ID: <20140414220017.32179.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: Mailman 2.1.16 [DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <534C4794.5000600@gmail.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/FppbE_uCxdqDpMvRjcg9ohDJOlM
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 22:00:44 -0000

>> The DMARC proponents did engage mailman.   Version 2.1.16 includes support
>> for a setting that makes the operation of the list DMARC-friendly, though
>> likely in a way some people will find unpalatable. 
>
>Please tell us more about that.

It turns it into a pure forwarder, no subject tags, message footers,
or anything else that might break a DKIM signature.

Of course, even if you do that, it still won't solve the problems that
DMARC causes.  Consider, for example, a Yahoo mail user who prefers
the Gmail interface, so has set up Gmail to collect her Yahoo mail,
and sends her mail from Gmail using her existing Yahoo address.  Gmail
does COI confirmation before letting you use your other outgoing
address, no forgery allowed.  Yahoo provides POP and IMAP service, so
this is clearly something Yahoo anticipated.

As I said in my prior screed, the only way to un-break DMARC is to
whitelist the exceptions.

R's,
John