Re: (DMARC) Why mailing lists are only sort of special

Yoav Nir <ynir.ietf@gmail.com> Thu, 17 April 2014 10:50 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DB6B1A00ED for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 03:50:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vP6v88tCSMxa for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 03:50:37 -0700 (PDT)
Received: from mail-we0-x233.google.com (mail-we0-x233.google.com [IPv6:2a00:1450:400c:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 6B0F11A004D for <ietf@ietf.org>; Thu, 17 Apr 2014 03:50:37 -0700 (PDT)
Received: by mail-we0-f179.google.com with SMTP id x48so266010wes.24 for <ietf@ietf.org>; Thu, 17 Apr 2014 03:50:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=otXWgoX0UMYM4gLQLugpE2SgVluv3QqluuTFuHS9Ei0=; b=z0L4RoWxPEikJjmOeqew1EuxLiql3yCejjGk457zfqtRbQ9Le57lHC/IlYPVQ7vxbe uTcpus3bkWQ5SJiMFDN7+YTudCqASA3YFTZckYrUVggUbXoHbBVka28uedsEedtSvpcD rTISJPm69TE4xPiPgtcj/nyWaCSp+xyEnk3QDGa3gw7u3V4blSAP4ALU6ColrXDJhrXz WKntHsHsfViuZ9kb+FDzo2XmV50YUf0kzDd7JbehZ9p5XUCTN3UYltvW63GtRfRAYKEh xac8bUvAWhIf24XmYG3lPCq/AAxY2yN8B/ZExQbWqhH9y1IHdQfgyrSGeeKInjbaUtp/ I1YA==
X-Received: by 10.180.93.226 with SMTP id cx2mr23922277wib.16.1397731833344; Thu, 17 Apr 2014 03:50:33 -0700 (PDT)
Received: from [172.24.248.99] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id f1sm4112255wic.19.2014.04.17.03.50.32 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 17 Apr 2014 03:50:32 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_DCFEA808-620C-440E-8462-CFBB1D82F7DA"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: (DMARC) Why mailing lists are only sort of special
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CAKHUCzwZ29TAAjJ3_w+0aaoN-L2o+CGHYaMQ=TOEqYdVn5rQHg@mail.gmail.com>
Date: Thu, 17 Apr 2014 13:50:30 +0300
Message-Id: <B3467912-BDCA-4AE8-9939-60013DA99267@gmail.com>
References: <CE39F90A45FF0C49A1EA229FC9899B0507D45766@USCLES544.agna.amgreetings.com> <20140414214949.32126.qmail@joyce.lan> <CE39F90A45FF0C49A1EA229FC9899B0507D460CB@USCLES544.agna.amgreetings.com> <alpine.BSF.2.00.1404142150430.32657@joyce.lan> <CAL0qLwbPMm_i0fqNSGQPv=xZaiNASy=icsRNudaNJ_3PNtX3Og@mail.gmail.com> <alpine.BSF.2.00.1404151832460.38826@joyce.lan> <CAL0qLwZUptJVw85T2FjB2HRGoOvcOUHKiQXeadM0QE9BsFVM9w@mail.gmail.com> <CAKHUCzxpwS+nR9wRGOzU_83f7XabMr0pwB5x-MHrqM-28r80kw@mail.gmail.com> <CAKHUCzzw9mufrTCOBQOkRrZU6wOM21X8Y=FUEKf=qnzS9VESjA@mail.gmail.com> <alpine.BSF.2.00.1404161654430.2065@joyce.lan> <CAKHUCzwZ29TAAjJ3_w+0aaoN-L2o+CGHYaMQ=TOEqYdVn5rQHg@mail.gmail.com>
To: Dave Cridland <dave@cridland.net>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/JMImcrFG1qz--B0STIJJXgvz_LI
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 10:50:42 -0000

On Apr 17, 2014, at 9:35 AM, Dave Cridland <dave@cridland.net> wrote:

> On 16 April 2014 21:57, John R Levine <johnl@taugh.com> wrote:
> This means that mailing lists (and other forwarding cases) are enforced
> into having DMARC records in order to forward DMARC originating messages,
> which seems reasonable, and the Sender addresses must also be relatively
> sensible, which they normally are already.
> 
> I may be missing something.
> 
> How do I distinguish the nice mailing lists at ietf.org from random evil spammer domains sending spam with List-ID headers?
> 
> Every proposal I've seen like this ends up tripping over the fact that there is no technical way to distinguish between mail from real mailing lists and spam that looks like it's from mailing lists.  Hence you need a whitelist for the real mail, at which point all of the mechanism beyond the key for the whitelist (probably a DKIM signature) is superfluous.
> 
> 
> There's no more need for whitelist here than on DMARC mail as things stand, of course, but it does mean that senders need tracking as well as authors, and senders need to be explicit and reliable. I'd assume reputation services (of which whitelists are just an extreme case) would be in play regardless.
> 
> Let's consider the message to which I am replying.
> 
> Right now, my MUA treats this as a message "From John R Levine <johnl@taugh.com>"m>". This means that any policy on the message origination comes from looking solely at the taugh.com domain. We'll pretend it has a DMARC policy. Herein lies the Yahoo/DMARC issue, because unless your policy essentially stipulates that the IETF is allowed to spoof you, we're stuck.

<disclaimer> speaking only as an end-user here </disclaimer>

Then perhaps this is what needs to change. John R Levine did not send you a message. He sent a message to the list. It is the list software that sent you a message. So perhaps the From field should have been “From: IETF Mailing list on behalf of John R Levine <ietf@ietf.org>”g>”. The Reply-To could be set to either John’s real address or the mailing list address, depending on what we think users mean when they click “Reply” - reply to John or reply to the list.

Yoav