Re: (DMARC) We've been here before, was Why mailing lists
Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 18 April 2014 20:47 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A621D1A03BA for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 13:47:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1
X-Spam-Level:
X-Spam-Status: No, score=-1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YJpzL9cgVSC2 for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 13:47:32 -0700 (PDT)
Received: from mail-pb0-x232.google.com (mail-pb0-x232.google.com [IPv6:2607:f8b0:400e:c01::232]) by ietfa.amsl.com (Postfix) with ESMTP id DA0451A02EB for <ietf@ietf.org>; Fri, 18 Apr 2014 13:47:32 -0700 (PDT)
Received: by mail-pb0-f50.google.com with SMTP id md12so1791661pbc.23 for <ietf@ietf.org>; Fri, 18 Apr 2014 13:47:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=XiXLjN4IJAE8Ubua6ooKChb/H0YqXYq0hCF880j2vTg=; b=bFR+3XfQE6wlo+6+NhQHo+Ub97zr+rpwSmrMi4WRD7wFNyVwsdgjCuIXShqoNzsS8Y DfR7dsvRu8IIuyZ5Z6BiNvY8gWJK1DvBDwNlvvP2Qs9Y25gm0PkxPyTwjkyzRX2EkMrz Ma5qzGVgwCIYqwJjLCx6ZP+tUgMDwhAtBATraAcds6MU1QLqbjI4sCC+zIqxG+ZN7mi2 85rQXaEdZqbJ1XROAdYJw5a4cGVT2X70Aem4yufql5wCqaf5nLJvqmRLm6IRGhDe86NG T/y7rf7glMCNFFA+CwRxojSaz3bWOWMKvdN2JCjThb7PPFgHznp2VHtak/tYVZTCDTR2 GC5g==
X-Received: by 10.68.200.133 with SMTP id js5mr24280049pbc.138.1397854048989; Fri, 18 Apr 2014 13:47:28 -0700 (PDT)
Received: from [192.168.178.20] (225.195.69.111.dynamic.snap.net.nz. [111.69.195.225]) by mx.google.com with ESMTPSA id vg1sm61744685pbc.44.2014.04.18.13.47.26 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 18 Apr 2014 13:47:28 -0700 (PDT)
Message-ID: <53518F69.90703@gmail.com>
Date: Sat, 19 Apr 2014 08:47:37 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Murray S. Kucherawy" <superuser@gmail.com>
Subject: Re: (DMARC) We've been here before, was Why mailing lists
References: <20140417181815.8A5871ACD1@ld9781.wdf.sap.corp> <9451.1397772992@sandelman.ca> <CAL0qLwa0a4nDAdCHkkMJdeemsj+cezcmH3+59CvhF8q7B72ryg@mail.gmail.com>
In-Reply-To: <CAL0qLwa0a4nDAdCHkkMJdeemsj+cezcmH3+59CvhF8q7B72ryg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/O8pYlCq221Il--JFBVNsjlYNHIk
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Pete Resnick <presnick@qti.qualcomm.com>, John R Levine <johnl@taugh.com>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 20:47:33 -0000
On 19/04/2014 03:20, Murray S. Kucherawy wrote: ... > One of the key points about DMARC's design is that it's concerned > specifically with From:. The reason is that the content of From: is what's > typically shown to the recipient by MUAs. If DMARC keyed off Sender: > instead, then this would work: > > MAIL FROM: haha@badguy.example.com > > From: security@paypal.com > Sender: haha@badguy.example.com > DKIM-Signature: v=1; d=badguy.example.com; ... So, if the From says From: goodguy@yahoo.com <haha@badguy.example.com> many UAs would show only goodguy@yahoo.com as the sender, but badguy could have passed DMARC, no? This would not exactly enhance goodguy's reputation, or Yahoo's for that matter. I realise it isn't the exploit that Yahoo is trying to stop, but it suggests to me that DMARC is only plugging one small hole in a very leaky dam. Brian
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- DMARC: perspectives from a listadmin of large ope… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… Robin H. Johnson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- RE: DMARC: perspectives from a listadmin of large… Alex Ojeda
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- RE: DMARC: perspectives from a listadmin of large… l.wood
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… John C Klensin
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Mailman 2.1.16 [DMARC: perspectives from a listad… Brian E Carpenter
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- Re: protecting the Internet from DMARC damage, wa… John Levine
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John Levine
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: DMARC: perspectives from a listadmin of large… Murray S. Kucherawy
- RE: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Douglas Otis
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: protecting the Internet from DMARC damage, wa… MH Michael Hammer (5304)
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: protecting the Internet from DMARC damage, wa… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Doug Barton
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: protecting the Internet from DMARC damage, wa… Murray S. Kucherawy
- Re: DMARC: perspectives from a listadmin of large… Dave Cridland
- Re: DMARC: perspectives from a listadmin of large… Alessandro Vesely
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… ned+ietf
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… John R Levine
- Re: DMARC: perspectives from a listadmin of large… Dave Crocker
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… S Moonesamy
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: Mailman 2.1.16 [DMARC: perspectives from a li… Brian E Carpenter
- RE: DMARC: perspectives from a listadmin of large… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Hector Santos
- Re: DMARC: perspectives from a listadmin of large… Brian E Carpenter
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Re: DMARC: perspectives from a listadmin of large… Sabahattin Gucukoglu
- Re: DMARC: perspectives from a listadmin of large… Scott Kitterman
- Re: DMARC: perspectives from a listadmin of large… Theodore Ts'o
- Let's talk (was: DMARC: perspectives from a lista… S Moonesamy
- (DMARC) Why mailing lists are only sort of special John R Levine
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… John R. Levine
- Re: DMARC: perspectives from a listadmin of large… Pete Resnick
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: DMARC: perspectives from a listadmin of large… Michael Richardson
- Re: DMARC: perspectives from a listadmin of large… John Levine
- RE: Let's talk (was: DMARC: perspectives from a l… S Moonesamy
- Re: Let's talk (was: DMARC: perspectives from a l… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: Let's talk (was: DMARC: perspectives from a l… MH Michael Hammer (5304)
- Re: (DMARC) Why mailing lists are only sort of sp… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Murray S. Kucherawy
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… tytso
- Re: DMARC: perspectives from a listadmin of large… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… Mark Andrews
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) Why mailing lists are only sort of sp… Martin Rex
- Re: (DMARC) Why mailing lists are only sort of sp… Yoav Nir
- Re: (DMARC) Why mailing lists are only sort of sp… Dave Cridland
- RE: (DMARC) Why mailing lists are only sort of sp… MH Michael Hammer (5304)
- Re: (DMARC) We've been here before, was Why maili… Pete Resnick
- Re: (DMARC) Why mailing lists are only sort of sp… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… ned+ietf
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Martin Rex
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… Michael Richardson
- Re: (DMARC) Why mailing lists are only sort of sp… Michael Richardson
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) How a whitelist would work, was Why m… Miles Fidelman
- Re: (DMARC) Why mailing lists are only sort of sp… John Levine
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) How a whitelist would work, was Why m… Yoav Nir
- Re: (DMARC) How a whitelist would work, was Why m… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Douglas Otis
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… John R Levine
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… tytso
- Re: (DMARC) We've been here before, was Why maili… Brian E Carpenter
- Re: (DMARC) We've been here before, was Why maili… Murray S. Kucherawy
- Re: (DMARC) We've been here before, was Why maili… Theodore Ts'o
- [off-off-track] Re: (DMARC) We've been here befor… Miles Fidelman
- Re: (DMARC) We've been here before, was Why maili… John Levine
- Re: (DMARC) We've been here before, was Why maili… Alessandro Vesely