Re: [IETF] DMARC methods in mailman

Viktor Dukhovni <> Sun, 25 December 2016 18:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0586112951A for <>; Sun, 25 Dec 2016 10:06:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 81JvABBF02AU for <>; Sun, 25 Dec 2016 10:06:02 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C5A2C1294F0 for <>; Sun, 25 Dec 2016 10:06:02 -0800 (PST)
Received: from [IPv6:2604:2000:1382:81a2:300e:e520:130e:a1c0] (unknown [IPv6:2604:2000:1382:81a2:300e:e520:130e:a1c0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 6AB0A284B55 for <>; Sun, 25 Dec 2016 18:06:01 +0000 (UTC) (envelope-from
From: Viktor Dukhovni <>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: [IETF] DMARC methods in mailman
Date: Sun, 25 Dec 2016 13:05:59 -0500
References: <> <>
To: IETF general list <>
In-Reply-To: <>
Message-Id: <>
X-Mailer: Apple Mail (2.3259)
Archived-At: <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 25 Dec 2016 18:06:04 -0000

> On Dec 25, 2016, at 6:11 AM, Yoav Nir <> wrote:
> A per-receiver setting is one extra step for new subscribers. That’s something I’d rather avoid.

More importantly, recipients don't always know whether they need anti-DMARC
armour or not, and are neither responsible for nor consulted on potential
changes in the receiving domain's policies.  Therefore, per-recipient policy
is unlikely to work well.

If message (subject and/or body) modification is a hard requirement, then
it seems that for now anti-DMARC measures are needed in the "From:" header.
FWIW, my view is that forgoing message modification is better than From

The need for email origin authentication to specify that "Sender" preempts
"From" has been well understood for a long time before there there was DMARC.
If there is to be a non-broken replacement, it must correct this design error
and place the "burden" of dealing with that on any MUAs that fail to display
Sender (as e.g. from <sender> on behalf of <author>).