Re: DMARC: perspectives from a listadmin of large open-source lists

"John Levine" <johnl@taugh.com> Wed, 16 April 2014 14:09 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 718D81A01C5 for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 07:09:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.542
X-Spam-Level: *
X-Spam-Status: No, score=1.542 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id akEEEbni-pWE for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 07:09:23 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) by ietfa.amsl.com (Postfix) with ESMTP id D67A21A01C2 for <ietf@ietf.org>; Wed, 16 Apr 2014 07:09:22 -0700 (PDT)
Received: (qmail 30583 invoked from network); 16 Apr 2014 14:09:19 -0000
Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 16 Apr 2014 14:09:19 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=aac0.534e8f0f.k1404; i=johnl@user.iecc.com; bh=lQ9e6uSU3YAafUvfzdshAWn/G+YxMdEVw5CgDCLw6tg=; b=Wa6Y3VB6HYhpWo23Tqrcq5i6zEHMIvafF0QOM8FVGIdkjvCxVJyIFf9nqjorZj33NLhF9hA9j8qZ18FZkm2UrxcxGEJqsR+zXHdHTSarZFEOEiJU6E7Hc54MN23QLaZq6+ORgrh7Gq/eGrWP0tkxI6RnGUPdxZBth6ZRUO2aPje2KktuWvrSiMdj4sAMbDySjyjL2oHQeOmNcThm0IxU4Y3/8UrFaBHZdqqwOdIrXMdMHyqOWpCp6iA/Mz/MmosF
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=aac0.534e8f0f.k1404; olt=johnl@user.iecc.com; bh=lQ9e6uSU3YAafUvfzdshAWn/G+YxMdEVw5CgDCLw6tg=; b=ExyChyyjZ8y0fB2R34VOCZNVgSPpnCpRNOuhScSQjT4kaSkUwv9TIEtWI08d0dhr14DlsIdMVTd9hW24oCp5CmtSMS4SNCQ/aarZAGgXte1NqxkMnHc8mczlDTVFp649wWadGMpPR6bSPGBSOLsOFCkB0kIyykqz36+Y+6bvTX43OY+oPOmS21WQaaTzJ7rBiWyuavkVGRAEpQV86Un3zoMD19g2JmMzclhqMJf2G589i5fBRbqHuxVNoVP0+AiH
Date: 16 Apr 2014 14:08:56 -0000
Message-ID: <20140416140856.43711.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <534E6AC1.7030709@qti.qualcomm.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/K_YHv3XoYAND6lzRJIJUxv6sTdg
Cc: presnick@qti.qualcomm.com
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 14:09:27 -0000

>..., you 
>could create a mechanism where the originator's site gets some sort of 
>cryptographic data from the mailing list site and include that in its 
>signed message, such that when the eventual recipient gets the message, 
>it can verify that it came from a mailing list site that the originator 
>explicitly sent the mail to.

The Sympa list manager implemented that in what appears to be a fully
RFC compliant way about a decade ago:

http://www.sympa.org/manual/x509

I don't get the impression it's very widely used.

Every discussion list security proposal I've ever seen includes
building a whitelist of trustworthy mailers, to avoid being spoofed by
bad guys that look like discussion lists but aren't.  Once you've done
that, I've never understood the threat model of anything more complex
than delivering the mail from the whitelisted sources, perhaps after a
cursory check to ensure that it looks like the mail you were
expecting.

R's,
John