Re: dmarc damage, was gmail users read on... [bozo subtopic]

Doug Barton <dougb@dougbarton.us> Thu, 11 September 2014 17:30 UTC

To: ietf@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/GK5-TWgJL_gBQjwEra57RJw4J04

On 9/11/14 9:54 AM, John C Klensin wrote:
>
>
> --On Thursday, September 11, 2014 01:25 +0000 John Levine
> <johnl@taugh.com> wrote:
>
>> ...
>> The one that's most widely used rewrites the From: line to put
>> the list's address in place of the author's.  It "works" in
>> the sense that it avoids DMARC rejections, but at the cost of
>> screwing up the mailing lists so you can't tell who wrote what
>> from the usual MUA display, and in many cases, you can't tell
>> who wrote a message at all unless you put the author's address
>> as the Reply-To, which has its own well known set of problems.
>
> FWIW (and with the understanding that you don't need
> convincing), I find that approach really objectionable.   In
> addition to the pragmatic reasons you cite (and some others such
> as the ability to prioritize mail based on origin), we've been
> careful, almost since the dawn of network mail, to associate
> what now appears as "From:" with the actual originator of the
> message.  We've invented "Sender" and "Resent-" header fields to
> preserve that distinction and make it clear.  For a mail
> exploder to violate that principle, especially to make an
> ill-designed protocol work better, seems problematic to me.
> For the IETF, it is bad news when we cannot or will not adopt,
> use, and conform to one of our own established standards-track
> protocols.  But, if we have a system that does conform and we
> switch it to not conform in order to accommodate an unfortunate
> practice or design, that would be far worse, putting us in much
> the same position we put ITU in when we pointed out that they
> considered X.400 so stable, useful, and well-implemented that
> they were using SMTP.


John Klensin,

If you don't like that solution, what solution do you propose to deal 
with the large (by volume) installed base of DMARC domains relative to 
mailing list traffic? It's fine and good to talk about theory, more 
power to ya. :)  But as Brian pointed out, the volume of list traffic
that is being shunted to spam folders, or outright rejected, is only 
increasing. Continuing to complain about DMARC, or the way it's being 
used, is wasted electrons.

I proposed creating a draft for a standardized way of encoding the 
original from address to the left of the @ sign so that the mailing list 
sender could create a valid DKIM record, but clients could be taught to 
decode the original From:.  You and others pooh-pooh'ed that suggestion, 
but I haven't seen a better one yet.

John Levine,

Perhaps you could share what you're doing with the secretariat? I agree 
with John Klensin that it would be awesome for the IETF to become 
thought leaders in creating a solution for mailing lists in the p=reject 
era.

In any case, clearly "do nothing" is not the right answer here.

Doug
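
The local-part encoding idea discussed in the message above, sketched as an added example (not part of the original post and not taken from any draft): the author's address travels in the local part of a From: address in the list's own domain, so the list's DKIM signature aligns, and a client can recover the author. The `orig-` prefix, the base32 token and all addresses are assumptions made for illustration, and only strict DKIM alignment is checked.

```python
import base64
from email.utils import formataddr, parseaddr

PREFIX = "orig-"   # hypothetical marker, not defined by any standard or draft
MAX_LOCAL = 64     # RFC 5321 limit on the local part, in octets


def encode_from(from_header: str, list_domain: str) -> str:
    """Rewrite From: so the author's address is carried in the local part."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        raise ValueError("no usable author address")
    token = base64.b32encode(addr.encode("utf-8")).decode("ascii")
    local = PREFIX + token.rstrip("=").lower()
    if len(local) > MAX_LOCAL:
        # Failure mode of this scheme: long author addresses do not fit.
        raise ValueError("encoded author exceeds the 64-octet local part")
    return formataddr((name, f"{local}@{list_domain}"))


def decode_from(from_header: str):
    """Return the original author address, or None if From: is not encoded."""
    _, addr = parseaddr(from_header)
    local = addr.rpartition("@")[0]
    if not local.startswith(PREFIX):
        return None
    token = local[len(PREFIX):].upper()
    token += "=" * (-len(token) % 8)      # restore stripped base32 padding
    try:
        return base64.b32decode(token).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None                        # malformed token: treat as opaque


def strictly_aligned(from_header: str, dkim_d: str) -> bool:
    """Strict DMARC identifier alignment: From: domain equals DKIM d=."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() == dkim_d.lower()


if __name__ == "__main__":
    original = "Author Name <author@example.org>"      # constructed sample
    rewritten = encode_from(original, "lists.example.net")
    print(rewritten)
    print(decode_from(rewritten), strictly_aligned(rewritten, "lists.example.net"))
```

With this encoding, any author address of 37 octets or more overflows the local part, so a real scheme would need a fallback for those senders.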