Re: Enabling DMARC workaround code for all IETF/IRTF mailing lists
"John Levine" <johnl@taugh.com> Fri, 11 May 2018 21:31 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFBED12D779 for <ietf@ietfa.amsl.com>; Fri, 11 May 2018 14:31:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Level:
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=f/FU4E7N; dkim=pass (1536-bit key) header.d=taugh.com header.b=tKig9W0a
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AWW8NReH2mwZ for <ietf@ietfa.amsl.com>; Fri, 11 May 2018 14:31:40 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D8AE127909 for <ietf@ietf.org>; Fri, 11 May 2018 14:31:40 -0700 (PDT)
Received: (qmail 76786 invoked from network); 11 May 2018 21:31:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=12bf0.5af60bbb.k1805; bh=qSyvRJ18egAWhd0WLUimfUcPzE7KcDVCxy8cjoqdT90=; b=f/FU4E7NJdcdV/Y1vt/Jvug8kE8TYWBy4ev0F8YtTH8+TnjXLCIh6Mkeec/eE3r9d/1UCDxs50uu0/Eq2MbmSy7hj+P6kGxLODFD0OQQFSxM6nAVJYUgY3W6FjL/DYk22D25q+HzQES8vzPVuKIvd7I4Gmbvwi7q04uxLWofOZK4bbfYjLnLlPc2N3jjEkNfAt3qWLvCRkx28mtwLTys1QRG8neEBXvtNfR0jf1YeB/VDV7Z5udncC9NLEDe/y3v
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=12bf0.5af60bbb.k1805; bh=qSyvRJ18egAWhd0WLUimfUcPzE7KcDVCxy8cjoqdT90=; b=tKig9W0af5RSoFJzpJ6kQVwEaoK0bnnHdXYz8+XJry6+VWYxbqyHdmmsx3/tGAtSi7F8cPLcr/FGG4r08UaZgzaezluPkTI6RXv1Wr2Ul00BnYnnIMwpGlHJF2V2f6iTUGVlUsbywVgud4huSPuYJqaORjQs3z124eIyxF+Y7dFM/Ib+RDeD81oaL8ZXswsxnGAQ/pZiHM6x62JnRYmqvYBq1O8ojFx0QXAms26xX8YXNndzEnmKIW538Mj6+/Vl
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 11 May 2018 21:31:38 -0000
Received: by ary.qy (Postfix, from userid 501) id D86C7266D234; Fri, 11 May 2018 17:31:38 -0400 (EDT)
Date: Fri, 11 May 2018 17:31:38 -0400
Message-Id: <20180511213138.D86C7266D234@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Cc: john-ietf@jck.com
Subject: Re: Enabling DMARC workaround code for all IETF/IRTF mailing lists
In-Reply-To: <61B1EDB45FC4FF33154B13B0@PSB>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Ganjwt5IIYaPXK1_rYpfxTumxyw>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 21:31:42 -0000
In article <61B1EDB45FC4FF33154B13B0@PSB> you write: >This may be the best that can be done given the degree to which >DMARC is an attack on the mail system ... Here's two related thoughts. I agree with everything bad you have to say about DMARC but we're stuck with it for the time being. There is s thing called ARC that large providers say they plan to use to re-enable list mail from DMARC'ed addresses. It's pretty far along, Gmail is adding ARC headers and sometimes looking at them, various mail libraries and list software are starting to support them, and sometime in the future we may be able to undo the anti-DMARC kludge. It's a kludges on kludges, but that is the nature of e-mail these days. > alexey%example.com@dmarc.ietf.org My experience is the same as Henrik's, percents don't work because many mail systems (usually correctly) assume it's a botnet looking for very old misconfigured sendmail open relays. I did the original rewrite hack on which the IETF's is based, but I rewrite the domain, so that address would be rewritten as alexey@example.com.dmarc.fail I have a wildcard MX to collect and forward the mail. Works great. Dunno why the current IETF scheme doesn't do that (perhaps postfix doesn't handle wildcarded domains as easily as qmail) but we can keep it in mind, since it doesn't mess with the local part and it should work with EAI the same as ASCII mail. For whoever said it's an open relay, sheesh, we're not totally dim. My scheme remembers what addresses it's rewritten and only forwards for those. Mine also uses really draconian spam filters since in this context it can safely assume that the only messages worth forwarding will be from individuals and anything bulky can be discarded. R's, John
- Re: Enabling DMARC workaround code for all IETF/I… Andrew G. Malis
- Re: Enabling DMARC workaround code for all IETF/I… Russ Housley
- Re: Enabling DMARC workaround code for all IETF/I… Andrew G. Malis
- Enabling DMARC workaround code for all IETF/IRTF … Alexey Melnikov
- Re: Enabling DMARC workaround code for all IETF/I… Andrew G. Malis
- Re: Enabling DMARC workaround code for all IETF/I… John C Klensin
- RE: Enabling DMARC workaround code for all IETF/I… MH Michael Hammer (5304)
- RE: Enabling DMARC workaround code for all IETF/I… John C Klensin
- Re: Enabling DMARC workaround code for all IETF/I… Alexey Melnikov
- Re: Enabling DMARC workaround code for all IETF/I… Ted Lemon
- Re: Enabling DMARC workaround code for all IETF/I… Andrew G. Malis
- Re: Enabling DMARC workaround code for all IETF/I… John C Klensin
- Re: Enabling DMARC workaround code for all IETF/I… Spencer Dawkins at IETF
- Re: Enabling DMARC workaround code for all IETF/I… John C Klensin
- Re: Enabling DMARC workaround code for all IETF/I… Viktor Dukhovni
- Re: Enabling DMARC workaround code for all IETF/I… Spencer Dawkins at IETF
- Re: Enabling DMARC workaround code for all IETF/I… John Levine
- Re: Enabling DMARC workaround code for all IETF/I… John C Klensin
- Re: Enabling DMARC workaround code for all IETF/I… Viktor Dukhovni
- Re: Enabling DMARC workaround code for all IETF/I… John Levine
- Re: Enabling DMARC workaround code for all IETF/I… Viktor Dukhovni
- Re: Enabling DMARC workaround code for all IETF/I… Hector Santos
- Integrity of mail systems (was Re: Enabling DMARC… Andrew Sullivan
- Re: Enabling DMARC workaround code for all IETF/I… Alessandro Vesely
- Re: Integrity of mail systems (was Re: Enabling D… John C Klensin
- Re: Integrity of mail systems (was Re: Enabling D… Michael Richardson
- Re: Integrity of mail systems (was Re: Enabling D… Phillip Hallam-Baker
- Re: Enabling DMARC workaround code for all IETF/I… Hector Santos
- Re: Enabling DMARC workaround code for all IETF/I… Brandon Long
- Re: Enabling DMARC workaround code for all IETF/I… Brian E Carpenter
- Re: Enabling DMARC workaround code for all IETF/I… Glen