IETF Logo Mail Archive

Re: IETF Mailing Lists and DMARC

Ted Lemon <mellon@fugue.com> Wed, 02 November 2016 17:28 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B79412941D for <ietf@ietfa.amsl.com>; Wed, 2 Nov 2016 10:28:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z9D-istXPSly for <ietf@ietfa.amsl.com>; Wed, 2 Nov 2016 10:28:27 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36B361293E9 for <ietf@ietf.org>; Wed, 2 Nov 2016 10:28:27 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id b14so18845749lfg.2 for <ietf@ietf.org>; Wed, 02 Nov 2016 10:28:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vY/WMiCVfdCMeNCeOcpkbj8K3cN/EUk5BsCIsuaN5yQ=; b=OrrXTOAKk14q46wJfn7OLK7FQ49s9MF+AeD2lLPYsmHCeCJsxS8ovUxq9IY+Z9Zr6p f/TUh0cnSLeEofIlEftL3pkz1eoaTJnI61y3tLYoJPKj3v6WHB8Zp47nhId/pdoiCrnP kXxsMBK+SzqhUbWhNM1E+mPu2iqj6gtxOTxNWYJ+kxyRdjSiup9aWL7aRLp3cIhEEie8 iTsxoSkxU6x1Fy9f8qv894EfA3ob+s3SolKBle/IAgQ23TwJHrs/zZwBYqO3NxguX3uM aTouxmLPZyy+LKy2aNeQhTwd05Ezw9qPUP6+4lFZNOtTe6Z6Na4SyktVljjrZ8YPsbE/ mmkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vY/WMiCVfdCMeNCeOcpkbj8K3cN/EUk5BsCIsuaN5yQ=; b=Z50OgUHQnWrXPlr6zLLAcco/D0pfeaoHxKE5E+HzCH6jqV8A7ge19wFH3f3NyFtuKL x2LL2wQo1Hq5DpRtj7UDO96iDBs+HFD4wCws2xEWobuTRCPwx2EqWTtGrpUrYFmCq7qR nEyHcqNGB9Xrx7OhwhKJYuW0OrwGgYOJ/JlE2RmqF+jRWj98UGnZhO0jtFrUAKhHrUJL YTKpZy+95zhNXg6C1qTQYetm+8gtH5SOxhJCgHWE343hSrFxcYCEGp8NgBApA4a1SDZA yFxJy7K4bXJWDuWBrAuKRna9fHQKyrmabbe4gwRTYquJ5xEdmXU7vEuxIvG2iONc+0Hh Ia/g==
X-Gm-Message-State: ABUngvfUv51uXyFU9OgAPiyi77Mmipb5Bf8eA3yIUuCe53XeebkxfgUplTG5JveD7ZhbTj+s3RK92pwYddd6NA==
X-Received: by 10.25.18.201 with SMTP id 70mr2500736lfs.78.1478107705223; Wed, 02 Nov 2016 10:28:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.160.202 with HTTP; Wed, 2 Nov 2016 10:27:44 -0700 (PDT)
In-Reply-To: <CE39F90A45FF0C49A1EA229FC9899B0526789ED8@USCLES544.agna.amgreetings.com>
References: <CAPt1N1k1wg9mbN-guuarFP0NvX7v-suOY-bP=TDEOCVhK-epmg@mail.gmail.com> <20161102165600.67029.qmail@ary.lan> <CE39F90A45FF0C49A1EA229FC9899B0526789ED8@USCLES544.agna.amgreetings.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 02 Nov 2016 13:27:44 -0400
Message-ID: <CAPt1N1=_jvrNbhxDyWXpJszUtqRZEEouRibwgWD1aY5wfhsX_Q@mail.gmail.com>
Subject: Re: IETF Mailing Lists and DMARC
To: "MH Michael Hammer (5304)" <MHammer@ag.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/GF_NyaLodWHOmyCtnFNuKM7q2Ms>
Cc: John Levine <johnl@taugh.com>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 17:28:29 -0000

There's a pretty clear ops problem here that could be solved by simply
detecting addresses with DMARC and rewriting the From: headers on
those messages.   This would eliminate all problems immediately.
Then there are protocol solutions that might be adopted over time, but
will continue to present problems in the near term.   I would think
that the pragmatic thing to do would be to do the immediate fix, and
then later on try to phase in the protocol fix.   Ideally, the
protocol fix would be detectable.

On Wed, Nov 2, 2016 at 1:04 PM, MH Michael Hammer (5304) <MHammer@ag.com> wrote:
>
>
>> -----Original Message-----
>> From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of John Levine
>> Sent: Wednesday, November 02, 2016 12:56 PM
>> To: ietf@ietf.org
>> Subject: Re: IETF Mailing Lists and DMARC
>>
>> In article <CAPt1N1k1wg9mbN-guuarFP0NvX7v-suOY-bP=TDEOCVhK-
>> epmg@mail.gmail.com> you write:
>> >And yet it is still happening, despite there being a great deal of
>> >discussion in the archives...   :/
>>
>> Yes, because at this point, all of the solutions are worse than the problem.
>> See this page for a roundup of DMARC mitigations:
>>
>> http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_ma
>> il
>>
>> The work on ARC is coming along fairly fast.  There was a second compatibility
>> event a couple of weeks ago among various implementations, and people
>> tell me there should be usable libraries around the end of the year.  Once
>> there's an ARC addon for Mailman and we use that, the DMARC damage
>> should drop considerably, without us having to change the way we use our
>> lists.
>>
>
> It's not clear to me that this is true John. DMARC Validators will need to take ARC into consideration and we don't know what adoption will look like other than a handful of players at this point.
>
> Mike
>

v2.23.0 | Report a Bug | By Email