Re: Enabling DMARC workaround code for all IETF/IRTF mailing lists

"John Levine" <johnl@taugh.com> Fri, 11 May 2018 21:31 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFBED12D779 for <ietf@ietfa.amsl.com>; Fri, 11 May 2018 14:31:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Level:
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=f/FU4E7N; dkim=pass (1536-bit key) header.d=taugh.com header.b=tKig9W0a
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AWW8NReH2mwZ for <ietf@ietfa.amsl.com>; Fri, 11 May 2018 14:31:40 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D8AE127909 for <ietf@ietf.org>; Fri, 11 May 2018 14:31:40 -0700 (PDT)
Received: (qmail 76786 invoked from network); 11 May 2018 21:31:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=12bf0.5af60bbb.k1805; bh=qSyvRJ18egAWhd0WLUimfUcPzE7KcDVCxy8cjoqdT90=; b=f/FU4E7NJdcdV/Y1vt/Jvug8kE8TYWBy4ev0F8YtTH8+TnjXLCIh6Mkeec/eE3r9d/1UCDxs50uu0/Eq2MbmSy7hj+P6kGxLODFD0OQQFSxM6nAVJYUgY3W6FjL/DYk22D25q+HzQES8vzPVuKIvd7I4Gmbvwi7q04uxLWofOZK4bbfYjLnLlPc2N3jjEkNfAt3qWLvCRkx28mtwLTys1QRG8neEBXvtNfR0jf1YeB/VDV7Z5udncC9NLEDe/y3v
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=12bf0.5af60bbb.k1805; bh=qSyvRJ18egAWhd0WLUimfUcPzE7KcDVCxy8cjoqdT90=; b=tKig9W0af5RSoFJzpJ6kQVwEaoK0bnnHdXYz8+XJry6+VWYxbqyHdmmsx3/tGAtSi7F8cPLcr/FGG4r08UaZgzaezluPkTI6RXv1Wr2Ul00BnYnnIMwpGlHJF2V2f6iTUGVlUsbywVgud4huSPuYJqaORjQs3z124eIyxF+Y7dFM/Ib+RDeD81oaL8ZXswsxnGAQ/pZiHM6x62JnRYmqvYBq1O8ojFx0QXAms26xX8YXNndzEnmKIW538Mj6+/Vl
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 11 May 2018 21:31:38 -0000
Received: by ary.qy (Postfix, from userid 501) id D86C7266D234; Fri, 11 May 2018 17:31:38 -0400 (EDT)
Date: Fri, 11 May 2018 17:31:38 -0400
Message-Id: <20180511213138.D86C7266D234@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Cc: john-ietf@jck.com
Subject: Re: Enabling DMARC workaround code for all IETF/IRTF mailing lists
In-Reply-To: <61B1EDB45FC4FF33154B13B0@PSB>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Ganjwt5IIYaPXK1_rYpfxTumxyw>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 21:31:42 -0000

In article <61B1EDB45FC4FF33154B13B0@PSB> you write:
>This may be the best that can be done given the degree to which
>DMARC is an attack on the mail system ...

Here are two related thoughts.

I agree with everything bad you have to say about DMARC but we're
stuck with it for the time being.  There is a thing called ARC that
large providers say they plan to use to re-enable list mail from
DMARC'ed addresses.  It's pretty far along, Gmail is adding ARC
headers and sometimes looking at them, various mail libraries and list
software are starting to support them, and sometime in the future we
may be able to undo the anti-DMARC kludge.  It's kludges on kludges,
but that is the nature of e-mail these days.

>  alexey%example.com@dmarc.ietf.org

My experience is the same as Henrik's, percents don't work because
many mail systems (usually correctly) assume it's a botnet looking
for very old misconfigured sendmail open relays.

I did the original rewrite hack on which the IETF's is based, but I
rewrite the domain, so that address would be rewritten as

  alexey@example.com.dmarc.fail

I have a wildcard MX to collect and forward the mail.  Works great.
Dunno why the current IETF scheme doesn't do that (perhaps postfix
doesn't handle wildcarded domains as easily as qmail) but we can keep
it in mind, since it doesn't mess with the local part and it should
work with EAI the same as ASCII mail.

For whoever said it's an open relay, sheesh, we're not totally dim.
My scheme remembers what addresses it's rewritten and only forwards
for those.  Mine also uses really draconian spam filters since in this
context it can safely assume that the only messages worth forwarding
will be from individuals and anything bulky can be discarded.

R's,
John
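The domain-rewriting scheme described in the message above (rewrite the From: domain under a wildcard-MX domain, leave the local part alone so EAI addresses work unchanged, remember every address that was rewritten, and forward only for those so the collector is not an open relay, dropping bulk-looking mail), sketched as an added example. This is illustration code written for this archive page, not John Levine's or the IETF's actual implementation; the domain `dmarc.fail` is taken from the message, while the in-memory table, the header-based "bulky" heuristic and all function names are assumptions of the example.

```python
"""Domain-rewriting DMARC workaround for list mail (added illustration).

Assumptions: REWRITE_DOMAIN has a wildcard MX that delivers every
<anything>.dmarc.fail address to this relay; the table of rewritten
addresses lives in a dict here (a real deployment would persist it).
"""
from __future__ import annotations

from email.utils import parseaddr
from typing import Mapping, Optional

REWRITE_DOMAIN = "dmarc.fail"  # assumed wildcard-MX domain (from the message)

# Addresses this relay has produced, keyed case-insensitively.  This is the
# "memory" that keeps the forwarder from being an open relay: a recipient at
# REWRITE_DOMAIN that is not in here is rejected, never relayed.
_rewritten: dict[str, str] = {}


def rewrite_from(header_value: str) -> str:
    """Rewrite a From: header so that its domain sits under REWRITE_DOMAIN.

    user@example.com becomes user@example.com.dmarc.fail.  Only the domain
    is touched, so a UTF-8 (EAI) local part survives exactly like ASCII.
    """
    name, addr = parseaddr(header_value)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {header_value!r}")
    new_addr = f"{local}@{domain}.{REWRITE_DOMAIN}"
    _rewritten[new_addr.lower()] = addr
    # Build the header by hand: email.utils.formataddr rejects non-ASCII
    # addresses, which would defeat the EAI property.
    return f'"{name}" <{new_addr}>' if name else new_addr


def forward_target(rcpt: str) -> Optional[str]:
    """Map a recipient at REWRITE_DOMAIN back to the original address.

    Returns None when this relay never produced the address, i.e. the
    message is unsolicited and must be rejected rather than relayed.
    """
    return _rewritten.get(rcpt.lower())


def should_forward(headers: Mapping[str, str]) -> bool:
    """Draconian filter: only personal replies are worth forwarding.

    Heuristic chosen for this example (an assumption, not the original's
    filter): anything carrying list or bulk markers is discarded.
    """
    if headers.get("List-Id") is not None:
        return False
    precedence = (headers.get("Precedence") or "").strip().lower()
    return precedence not in {"bulk", "list", "junk"}


def relay_decision(rcpt: str, headers: Mapping[str, str]) -> Optional[str]:
    """Return the address to forward to, or None to reject the message."""
    target = forward_target(rcpt)
    if target is None or not should_forward(headers):
        return None
    return target


if __name__ == "__main__":
    # Constructed sample round trip.
    rewritten = rewrite_from("Alexey <alexey@example.com>")
    print(rewritten)                                   # "Alexey" <alexey@example.com.dmarc.fail>
    print(relay_decision("alexey@example.com.dmarc.fail", {"From": "friend@example.net"}))
    print(relay_decision("nobody@example.org.dmarc.fail", {}))   # None: never rewritten
```

Note that the lookup table, not the address syntax, is what makes this safe: any host can construct `someone@example.com.dmarc.fail`, but the relay only forwards for addresses it remembers having emitted.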