Re: DMARC: perspectives from a listadmin of large open-source lists

Dave Crocker <> Mon, 14 April 2014 03:15 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2D21D1A031F for <>; Sun, 13 Apr 2014 20:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.5
X-Spam-Status: No, score=-1.5 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eHhHSRs6A9e4 for <>; Sun, 13 Apr 2014 20:15:34 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id E8F2F1A0315 for <>; Sun, 13 Apr 2014 20:15:33 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id s3E3FS0e024296 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 13 Apr 2014 20:15:31 -0700
Message-ID: <>
Date: Sun, 13 Apr 2014 20:13:19 -0700
From: Dave Crocker <>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: John Levine <>,
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <20140414024956.26078.qmail@joyce.lan>
In-Reply-To: <20140414024956.26078.qmail@joyce.lan>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 ( []); Sun, 13 Apr 2014 20:15:31 -0700 (PDT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 14 Apr 2014 03:15:35 -0000

On 4/13/2014 7:49 PM, John Levine wrote:
>> Meanwhile, I'm still not proposing that we train users, or even
>> anti-spam software to "recognize" or "validate" mailing list addresses.
>> What I'm proposing is a way to send mail from a list with From:
>> @domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the
>> left side of the @ sign to identify the actual sender of the message.
> Yes, that's the 1980s percent hack.

1979, to be precise, for MMDF's relaying telephone/Arpanet mail with the 
original funding agency, the Army Materiel Command, and then the NSF's 
CSNet.  It was difficult to find a character that made any intuitive 
sense and wasn't already taken.

As an overall construct, in this case, it might work pretty well.  It 
preserves all of the original address in a way that is easily 

It treats the list engine as a kind of gateway.  This means that a reply 
to that address will show up at the list host and needs to be relayed to 
the intended recipient.  While a bit inefficient -- and probably will 
emerge as an attack vector (sigh) -- it's a plausible mechanism.

Dave Crocker
Brandenburg InternetWorking