Re: IETF Mailing Lists and DMARC
Ted Lemon <mellon@fugue.com> Wed, 02 November 2016 17:28 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B79412941D for <ietf@ietfa.amsl.com>; Wed, 2 Nov 2016 10:28:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z9D-istXPSly for <ietf@ietfa.amsl.com>; Wed, 2 Nov 2016 10:28:27 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36B361293E9 for <ietf@ietf.org>; Wed, 2 Nov 2016 10:28:27 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id b14so18845749lfg.2 for <ietf@ietf.org>; Wed, 02 Nov 2016 10:28:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vY/WMiCVfdCMeNCeOcpkbj8K3cN/EUk5BsCIsuaN5yQ=; b=OrrXTOAKk14q46wJfn7OLK7FQ49s9MF+AeD2lLPYsmHCeCJsxS8ovUxq9IY+Z9Zr6p f/TUh0cnSLeEofIlEftL3pkz1eoaTJnI61y3tLYoJPKj3v6WHB8Zp47nhId/pdoiCrnP kXxsMBK+SzqhUbWhNM1E+mPu2iqj6gtxOTxNWYJ+kxyRdjSiup9aWL7aRLp3cIhEEie8 iTsxoSkxU6x1Fy9f8qv894EfA3ob+s3SolKBle/IAgQ23TwJHrs/zZwBYqO3NxguX3uM aTouxmLPZyy+LKy2aNeQhTwd05Ezw9qPUP6+4lFZNOtTe6Z6Na4SyktVljjrZ8YPsbE/ mmkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vY/WMiCVfdCMeNCeOcpkbj8K3cN/EUk5BsCIsuaN5yQ=; b=Z50OgUHQnWrXPlr6zLLAcco/D0pfeaoHxKE5E+HzCH6jqV8A7ge19wFH3f3NyFtuKL x2LL2wQo1Hq5DpRtj7UDO96iDBs+HFD4wCws2xEWobuTRCPwx2EqWTtGrpUrYFmCq7qR nEyHcqNGB9Xrx7OhwhKJYuW0OrwGgYOJ/JlE2RmqF+jRWj98UGnZhO0jtFrUAKhHrUJL YTKpZy+95zhNXg6C1qTQYetm+8gtH5SOxhJCgHWE343hSrFxcYCEGp8NgBApA4a1SDZA yFxJy7K4bXJWDuWBrAuKRna9fHQKyrmabbe4gwRTYquJ5xEdmXU7vEuxIvG2iONc+0Hh Ia/g==
X-Gm-Message-State: ABUngvfUv51uXyFU9OgAPiyi77Mmipb5Bf8eA3yIUuCe53XeebkxfgUplTG5JveD7ZhbTj+s3RK92pwYddd6NA==
X-Received: by 10.25.18.201 with SMTP id 70mr2500736lfs.78.1478107705223; Wed, 02 Nov 2016 10:28:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.160.202 with HTTP; Wed, 2 Nov 2016 10:27:44 -0700 (PDT)
In-Reply-To: <CE39F90A45FF0C49A1EA229FC9899B0526789ED8@USCLES544.agna.amgreetings.com>
References: <CAPt1N1k1wg9mbN-guuarFP0NvX7v-suOY-bP=TDEOCVhK-epmg@mail.gmail.com> <20161102165600.67029.qmail@ary.lan> <CE39F90A45FF0C49A1EA229FC9899B0526789ED8@USCLES544.agna.amgreetings.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 02 Nov 2016 13:27:44 -0400
Message-ID: <CAPt1N1=_jvrNbhxDyWXpJszUtqRZEEouRibwgWD1aY5wfhsX_Q@mail.gmail.com>
Subject: Re: IETF Mailing Lists and DMARC
To: "MH Michael Hammer (5304)" <MHammer@ag.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/GF_NyaLodWHOmyCtnFNuKM7q2Ms>
Cc: John Levine <johnl@taugh.com>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 17:28:29 -0000
There's a pretty clear ops problem here that could be solved by simply detecting addresses with DMARC and rewriting the From: headers on those messages. This would eliminate all problems immediately. Then there are protocol solutions that might be adopted over time, but will continue to present problems in the near term. I would think that the pragmatic thing to do would be to do the immediate fix, and then later on try to phase in the protocol fix. Ideally, the protocol fix would be detectable. On Wed, Nov 2, 2016 at 1:04 PM, MH Michael Hammer (5304) <MHammer@ag.com> wrote: > > >> -----Original Message----- >> From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of John Levine >> Sent: Wednesday, November 02, 2016 12:56 PM >> To: ietf@ietf.org >> Subject: Re: IETF Mailing Lists and DMARC >> >> In article <CAPt1N1k1wg9mbN-guuarFP0NvX7v-suOY-bP=TDEOCVhK- >> epmg@mail.gmail.com> you write: >> >And yet it is still happening, despite there being a great deal of >> >discussion in the archives... :/ >> >> Yes, because at this point, all of the solutions are worse than the problem. >> See this page for a roundup of DMARC mitigations: >> >> http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_ma >> il >> >> The work on ARC is coming along fairly fast. There was a second compatibility >> event a couple of weeks ago among various implementations, and people >> tell me there should be usable libraries around the end of the year. Once >> there's an ARC addon for Mailman and we use that, the DMARC damage >> should drop considerably, without us having to change the way we use our >> lists. >> > > It's not clear to me that this is true John. DMARC Validators will need to take ARC into consideration and we don't know what adoption will look like other than a handful of players at this point. > > Mike >
- Re: IETF Mailing Lists and DMARC Dave Crocker
- IETF Mailing Lists and DMARC Cullen Jennings
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC John Levine
- RE: IETF Mailing Lists and DMARC MH Michael Hammer (5304)
- RE: IETF Mailing Lists and DMARC John R Levine
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC Dave Crocker
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Paul Hoffman
- Re: IETF Mailing Lists and DMARC John C Klensin
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Michael Richardson
- Re: IETF Mailing Lists and DMARC Yoav Nir
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Yoav Nir
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Hector Santos
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Dave Crocker
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: IETF Mailing Lists and DMARC Cullen Jennings
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Cullen Jennings
- Re: IETF Mailing Lists and DMARC S Moonesamy
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brian E Carpenter
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC John Levine
- Identification of an email author (was - Re: [dma… Dave Crocker
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Terry Zink
- Re: IETF Mailing Lists and DMARC John Levine
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- Next step on IETF Mailing Lists and DMARC Alexey Melnikov
- Re: IETF Mailing Lists and DMARC Bob Hinden
- RE: IETF Mailing Lists and DMARC MH Michael Hammer (5304)
- Re: IETF Mailing Lists and DMARC Ted Lemon
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Terry Zink
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Steve Atkins
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- Options for temporary operational solution to DMA… Ted Lemon
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: [dmarc-ietf] Identification of an email autho… Brandon Long
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Franck Martin
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Hector Santos
- Re: Options for temporary operational solution to… Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC John C Klensin
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC John C Klensin
- Re: Options for temporary operational solution to… John Leslie
- RE: [dmarc-ietf] Identification of an email autho… Terry Zink
- Re: Options for temporary operational solution to… Toerless Eckert
- Re: [dmarc-ietf] Identification of an email autho… Ted Lemon
- Re: Options for temporary operational solution to… John Levine
- RE: [dmarc-ietf] Identification of an email autho… Terry Zink
- Re: Options for temporary operational solution to… Ted Lemon
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Christian Huitema
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brian E Carpenter
- Re: Options for temporary operational solution to… Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: Options for temporary operational solution to… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… Franck Martin
- Re: [dmarc-ietf] Identification of an email autho… Khaled Omar
- Re: [dmarc-ietf] Identification of an email autho… S Moonesamy
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… ned+ietf
- Re: [dmarc-ietf] Identification of an email autho… Franck Martin
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… John C Klensin
- Re: [dmarc-ietf] Identification of an email autho… Brandon Long