Re: What I've been wondering about the DMARC problem

Sabahattin Gucukoglu <> Thu, 17 April 2014 10:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E8FEA1A009E for <>; Thu, 17 Apr 2014 03:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id umJwa52XIZGP for <>; Thu, 17 Apr 2014 03:03:58 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id EC4051A0090 for <>; Thu, 17 Apr 2014 03:03:57 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII
Received: from [] ( []) by (Oracle Communications Messaging Server 7u4-27.08( 64bit (built Aug 22 2013)) with ESMTPSA id <> for; Thu, 17 Apr 2014 10:03:52 +0000 (GMT)
Subject: Re: What I've been wondering about the DMARC problem
From: Sabahattin Gucukoglu <>
In-reply-to: <>
Date: Thu, 17 Apr 2014 11:03:41 +0100
Message-id: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
To: Brian E Carpenter <>
X-Mailer: Apple Mail (2.1510)
X-CLX-Spam: false
X-CLX-Score: 1011
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.96, 1.0.14, 0.0.0000 definitions=2014-04-17_03:2014-04-17, 2014-04-17, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1404170150
Cc: Jim Fenton <>, IETF discussion list <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 17 Apr 2014 10:04:02 -0000

On 16 Apr 2014, at 21:36, Brian E Carpenter <> wrote:
> On 16/04/2014 18:58, Sabahattin Gucukoglu wrote:
>> On 15 Apr 2014, at 21:38, Brian E Carpenter <> wrote:
>>> The mailman fix is worse than the disease. I think the .INVALID fix is
>>> much better, because Reply-all will still work.
>> Reply-all should still work with the Mailman fix; 
> It doesn't work *properly*. Firstly, this message wouldn't be sent
> to you with CC to the list, which is the correct semantic.
> If you weren't a subscriber, you would never see it. Secondly,

Sorry, but I appear to be confused.

The Reply-To: field is adjusted to be the author's address, on a discussion list like this where replies go back to the authors.  Just in case we're talking across purposes somehow and to avoid all doubt, the fix we are talking about is described here:

Unless your MUA is doing something very unusual, and some do, then pressing "Reply all" should produce a message addressed to me, with a CC that contains the remainder of the recipient addresses.  The From: is completely irrelevant.

I'm just waiting to be told that I've missed the obvious. :)

Now, FWIW, a better way is as has been suggested here, namely to synthesise addresses for each subscriber.  That's how I'd do it: every mailing list post has its From: rewritten, like:

That address remails to you, first checking that a subscriber of the list is recognised.  In the process, it performs the same transformation on the From: field of the message, so as to pass SPF alignment.  It is hoped that your interlocutor happens to be on the list, also, or that you are still on the list when he is trying to contact you.

> the first line above would read:
> On 16/04/2014 18:58, IETF discussion list wrote:
> which is untrue.

It isn't necessary to change the personal name.  Some MUAs may very cleverly add one in the absence of one, or store it in an address book, though, incorrectly.  With the resend method above this issue is less problematic; furthermore the list software can add "(via listname)" to make the distinction less confusing.

No, none of these suggestions are perfect.  I'm not looking for a perfect solution though, I'm looking for one that works, for now.  Throwing people off my lists *is not* an option.