Re: What I've been wondering about the DMARC problem

Sabahattin Gucukoglu <listsebby@me.com> Thu, 17 April 2014 10:04 UTC

Return-Path: <listsebby@me.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8FEA1A009E for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 03:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umJwa52XIZGP for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 03:03:58 -0700 (PDT)
Received: from st11p02mm-asmtp002.mac.com (st11p02mm-asmtp002.mac.com [17.172.220.237]) by ietfa.amsl.com (Postfix) with ESMTP id EC4051A0090 for <ietf@ietf.org>; Thu, 17 Apr 2014 03:03:57 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII
Received: from [192.168.1.6] (natbox.sabahattin-gucukoglu.com [213.123.192.30]) by st11p02mm-asmtp002.mac.com (Oracle Communications Messaging Server 7u4-27.08(7.0.4.27.7) 64bit (built Aug 22 2013)) with ESMTPSA id <0N4600M646M6VE00@st11p02mm-asmtp002.mac.com> for ietf@ietf.org; Thu, 17 Apr 2014 10:03:52 +0000 (GMT)
Subject: Re: What I've been wondering about the DMARC problem
From: Sabahattin Gucukoglu <listsebby@me.com>
In-reply-to: <534EE9EA.9060403@gmail.com>
Date: Thu, 17 Apr 2014 11:03:41 +0100
Message-id: <09B6AA22-9D1D-4EE4-AB27-2506A1E08EDA@me.com>
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAKW6Ri5f5KZyJeL7RTG2T000Qd+t61KCofNmG2JZv+nKi94Uug@mail.gmail.com> <534C0078.3070808@meetinghouse.net> <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534C2262.1070507@meetinghouse.net> <CAL0qLwb5p_V3i-NGhKJZBeO0qKHm1xiAq1E3nYkBzVUAXkRPpQ@mail.gmail.com> <CAKW6Ri5HWMaGMa_oLKwq5fzSUzJG=jAL1qojY1i6_tibEAxq8w@mail.gmail.com> <CAL0qLwaik1ft+AcACoc+kvKtCRt_gGvM6ov7c2yj_Uwyy3drNw@mail.gmail.com> <CAKW6Ri5_=GyOQijZMM+mqAoaEQzePGysBy9WVjN9yHO1zf3d2w@mail.gmail.com> <534C8F2B.9060903@gmail.com> <534D5516.7060902@dcrocker.net> <534D98CC.9080400@gmail.com> <2478F2D1-2E08-45D7-86A2-36443959E272@me.com> <534EE9EA.9060403@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
X-Mailer: Apple Mail (2.1510)
X-MANTSH: 1TEIXWV4bG1oaGkdHB0lGUkdDRl5PWBoaEhEKTEMXGx0EGx0YBBIZBBscEBseGh8 aEQpYTRdLEQptfhcaEQpMWRcbGhsbEQpZSRcRClleF2hjeREKQ04XSxsbGmJCH2lmGH8bGXhzB xliGxoaGVseEQpYXBcZBBoEHQdNSx0SSEkcTAUbHQQbHRgEEhkEGxwQGx4aHxsRCl5ZF2FCf19 AEQpMRhdia2sRCkNaFxgbGQQbGBkEGxMYBBkaEQpEWBcZEQpESRcYEQpCRRdmUH1dH21kGgVIY xEKQk4XbHBgeUAdYlJpGmIRCkJMF2dJH215aRh+ckJNEQpCbBdlaGUYbU0cGENGThEKQkAXZxx nXkJkY1Ibc2QRCnBnF2ZCHX1MfBtIZlBMEQpwaBdge1pQcBtCWVlrRhEKcGgXbkZ8fmxMZmRnT 0ARCnBoF2wYZVJkbGEaQ3tdEQpwaBdoHGgaHn5texJ/RREKcGgXaFNJZUlvUlNibUQRCnB/F2h LZ3xle0VbWkx8EQpwXxdnQF1oR2N9axpAZBEKcGwXa2ZOa0FlX2ZTZwERCnBMF2caU2xAa0BtH 0NaEQ==
X-CLX-Spam: false
X-CLX-Score: 1011
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.96, 1.0.14, 0.0.0000 definitions=2014-04-17_03:2014-04-17, 2014-04-17, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1404170150
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/OzaTvOBhyuZTe_5hehpCP0UtReI
Cc: Jim Fenton <fenton@bluepopcorn.net>, IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 10:04:02 -0000

On 16 Apr 2014, at 21:36, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> On 16/04/2014 18:58, Sabahattin Gucukoglu wrote:
>> On 15 Apr 2014, at 21:38, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>> The mailman fix is worse than the disease. I think the .INVALID fix is
>>> much better, because Reply-all will still work.
>> 
>> Reply-all should still work with the Mailman fix; 
> 
> It doesn't work *properly*. Firstly, this message wouldn't be sent
> to you with CC to the list, which is the correct semantic.
> If you weren't a subscriber, you would never see it. Secondly,

Sorry, but I appear to be confused.

The Reply-To: field is adjusted to be the author's address, on a discussion list like this where replies go back to the authors.  Just in case we're talking across purposes somehow and to avoid all doubt, the fix we are talking about is described here:
http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html

Unless your MUA is doing something very unusual, and some do, then pressing "Reply all" should produce a message addressed to me, with a CC that contains the remainder of the recipient addresses.  The From: is completely irrelevant.

I'm just waiting to be told that I've missed the obvious. :)

Now, FWIW, a better way is as has been suggested here, namely to synthesise addresses for each subscriber.  That's how I'd do it: every mailing list post has its From: rewritten, like:
ietf-resend+brian.e.carpenter=gmail.com@ietf.org

That address remails to you, first checking that a subscriber of the list is recognised.  In the process, it performs the same transformation on the From: field of the message, so as to pass SPF alignment.  It is hoped that your interlocutor happens to be on the list, also, or that you are still on the list when he is trying to contact you.

> the first line above would read:
> 
> On 16/04/2014 18:58, IETF discussion list wrote:
> 
> which is untrue.

It isn't necessary to change the personal name.  Some MUAs may very cleverly add one in the absence of one, or store it in an address book, though, incorrectly.  With the resend method above this issue is less problematic; furthermore the list software can add "(via listname)" to make the distinction less confusing.

No, none of these suggestions are perfect.  I'm not looking for a perfect solution though, I'm looking for one that works, for now.  Throwing people off my lists *is not* an option.

Cheers,
Sabahattin