Re: What I've been wondering about the DMARC problem

Miles Fidelman <mfidelman@meetinghouse.net> Thu, 17 April 2014 21:09 UTC

Return-Path: <mfidelman@meetinghouse.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1FA11A013A for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 14:09:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.281
X-Spam-Level:
X-Spam-Status: No, score=-0.281 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_21=0.6, MISSING_HEADERS=1.021, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z0G7MFyAOJ-i for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 14:09:37 -0700 (PDT)
Received: from server1.neighborhoods.net (server1.neighborhoods.net [207.154.13.48]) by ietfa.amsl.com (Postfix) with ESMTP id 287D81A0133 for <ietf@ietf.org>; Thu, 17 Apr 2014 14:09:37 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by server1.neighborhoods.net (Postfix) with ESMTP id E9AC6CC0B9 for <ietf@ietf.org>; Thu, 17 Apr 2014 17:09:32 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at neighborhoods.net
Received: from server1.neighborhoods.net ([127.0.0.1]) by localhost (server1.neighborhoods.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id iXoab+ToQecC for <ietf@ietf.org>; Thu, 17 Apr 2014 17:09:24 -0400 (EDT)
Received: from new-host.home (pool-173-76-155-14.bstnma.fios.verizon.net [173.76.155.14]) by server1.neighborhoods.net (Postfix) with ESMTPSA id 2CC35CC0A5 for <ietf@ietf.org>; Thu, 17 Apr 2014 17:09:24 -0400 (EDT)
Message-ID: <53504303.3000507@meetinghouse.net>
Date: Thu, 17 Apr 2014 17:09:23 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
CC: IETF discussion list <ietf@ietf.org>
Subject: Re: What I've been wondering about the DMARC problem
References: <CAKW6Ri5HWMaGMa_oLKwq5fzSUzJG=jAL1qojY1i6_tibEAxq8w@mail.gmail.com> <CAL0qLwaik1ft+AcACoc+kvKtCRt_gGvM6ov7c2yj_Uwyy3drNw@mail.gmail.com> <CAKW6Ri5_=GyOQijZMM+mqAoaEQzePGysBy9WVjN9yHO1zf3d2w@mail.gmail.com> <534C8F2B.9060903@gmail.com> <534D5516.7060902@dcrocker.net> <534D98CC.9080400@gmail.com> <2478F2D1-2E08-45D7-86A2-36443959E272@me.com> <534EE9EA.9060403@gmail.com> <09B6AA22-9D1D-4EE4-AB27-2506A1E08EDA@me.com> <5350344B.1000400@gmail.com> <20140417205332.GB4979@thunk.org>
In-Reply-To: <20140417205332.GB4979@thunk.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/PCWhnL9snIeVwqiNR9V7fcQEh_c
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 21:09:39 -0000

Theodore Ts'o wrote:

> Suppose we made the mailing list software take the contents of the
> >From field, and moved it to something like "X-Originally-From: ", and
> changed the From field to be "ietf@ietf.org".org".  That would be what the
> DMARC people would want, right?
>
> Except then, a couple of years later, because users might actually
> want to find the message that was written by "Brian Carpenter", or
<snip>

Worse than that.  That would any authentication back to the original author.

Personally, on my incoming mail, I really don't care if a message passed 
through a mailing list or not - if it says it's From: <foo>, what I 
really care about is that it really is from <foo> and that it's the 
message that <foo> originally sent (modulo things like subject tags, and 
list headers/footers) -- if some random mail list wants to forward the 
mail to me, and it comes through intact - do I really care about the 
legitimacy of the list server (other than not wanting it to become a 
spam or attack vector)?

Not sure that's completely clear.

Miles Fidelman

-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra