Re: [IETF] DMARC methods in mailman

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 27 December 2016 19:02 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1498129AD7 for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 11:02:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p1UC2t-rbjMc for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 11:02:28 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C497129AD5 for <ietf@ietf.org>; Tue, 27 Dec 2016 11:02:28 -0800 (PST)
Received: from [172.31.30.83] (gzac12-mdf2-1.aoa.twosigma.com [208.77.215.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id 3D6E0282D54 for <ietf@ietf.org>; Tue, 27 Dec 2016 19:02:27 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: [IETF] DMARC methods in mailman
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <49a2a831-a096-233a-3e48-0a87fa98e6ef@dcrocker.net>
Date: Tue, 27 Dec 2016 14:02:26 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <0BE40471-1783-4C75-84FB-1CFEBC9CDB12@dukhovni.org>
References: <20161226205249.rneaenhh5c2dcpz4@thunk.org> <20161227013401.11378.qmail@ary.lan> <03e401d25fe5$5f32a5f0$1d97f1d0$@huitema.net> <6ec78001-e522-70cc-6592-0228492b8f74@dcrocker.net> <000201d26070$248a9030$6d9fb090$@huitema.net> <49a2a831-a096-233a-3e48-0a87fa98e6ef@dcrocker.net>
To: IETF general list <ietf@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/HEuo-EcNsBkScDbWTgsA1Y2iipI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: IETF general list <ietf@ietf.org>
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Dec 2016 19:02:30 -0000

> On Dec 27, 2016, at 1:46 PM, Dave Crocker <dhc@dcrocker.net> wrote:
> 
> Worse, Viktor's line of logic presumes the modified From field somehow gets the message past filters better, and that is just plain wrong.

I was not suggesting any modification of the message From: line.  Rather
I was applauding the fact that Outlook (for one) presents a more detailed
view of the message headers than is common practice.  In particular, it
augments the displayed origin information with Sender context when present.

If "Sender + From" are displayed as in Outlook, then it becomes reasonable
to authenticate Sender when present, and not apply authentication policy
to "From", since the message is not in fact *from* the author.  It is from
the sender, (purportedly) on behalf of the author.

It is rather implausible that phishers will want to present their messages
this way (on behalf of), most users don't receive such email, and it will
stand out as unexpected.  And users who still believe such messages to be
legitimately *from* the purported author and fall victim to scams will fall
for a myriad other misdirections.

Breaking legitimate use-cases (lists) in order to fail to "solve phishing"
is counterproductive in my view.  Yahoo's DMARC cost reduction would also
be equally effective if they displayed "on behalf of" given "Sender:"
as in Outlook, and authenticated the Sender domain instead.  This would do
no damage to mailing lists.

-- 
	Viktor.