Re: (DMARC) Why mailing lists are only sort of special

Miles Fidelman <mfidelman@meetinghouse.net> Wed, 16 April 2014 23:16 UTC

Return-Path: <mfidelman@meetinghouse.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 838C21A03FD for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 16:16:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.881
X-Spam-Level:
X-Spam-Status: No, score=-0.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id St-N6V6_D12v for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 16:16:34 -0700 (PDT)
Received: from server1.neighborhoods.net (server1.neighborhoods.net [207.154.13.48]) by ietfa.amsl.com (Postfix) with ESMTP id CC37E1A0359 for <ietf@ietf.org>; Wed, 16 Apr 2014 16:16:34 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by server1.neighborhoods.net (Postfix) with ESMTP id 33C02CC0B7 for <ietf@ietf.org>; Wed, 16 Apr 2014 19:16:31 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at neighborhoods.net
Received: from server1.neighborhoods.net ([127.0.0.1]) by localhost (server1.neighborhoods.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id h49axiuX5+lS for <ietf@ietf.org>; Wed, 16 Apr 2014 19:16:26 -0400 (EDT)
Received: from new-host.home (pool-173-76-155-14.bstnma.fios.verizon.net [173.76.155.14]) by server1.neighborhoods.net (Postfix) with ESMTPSA id 62636CC0B6 for <ietf@ietf.org>; Wed, 16 Apr 2014 19:16:26 -0400 (EDT)
Message-ID: <534F0F4A.9010901@meetinghouse.net>
Date: Wed, 16 Apr 2014 19:16:26 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
CC: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: (DMARC) Why mailing lists are only sort of special
References: <CE39F90A45FF0C49A1EA229FC9899B0507D45766@USCLES544.agna.amgreetings.com> <20140414214949.32126.qmail@joyce.lan> <CE39F90A45FF0C49A1EA229FC9899B0507D460CB@USCLES544.agna.amgreetings.com> <alpine.BSF.2.00.1404142150430.32657@joyce.lan> <CAL0qLwbPMm_i0fqNSGQPv=xZaiNASy=icsRNudaNJ_3PNtX3Og@mail.gmail.com> <alpine.BSF.2.00.1404151832460.38826@joyce.lan> <CAL0qLwZUptJVw85T2FjB2HRGoOvcOUHKiQXeadM0QE9BsFVM9w@mail.gmail.com> <CAKHUCzxpwS+nR9wRGOzU_83f7XabMr0pwB5x-MHrqM-28r80kw@mail.gmail.com> <CAKHUCzzw9mufrTCOBQOkRrZU6wOM21X8Y=FUEKf=qnzS9VESjA@mail.gmail.com> <alpine.BSF.2.00.1404161654430.2065@joyce.lan> <CAL0qLwYT_y5ksCP5DpHGXEK084zVg=6HfpJ2B2khkK7jDByZmQ@mail.gmail.com>
In-Reply-To: <CAL0qLwYT_y5ksCP5DpHGXEK084zVg=6HfpJ2B2khkK7jDByZmQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/R32hHudRr0prM9rbuchmJccN6Bs
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 23:16:38 -0000

Murray S. Kucherawy wrote:
> On Wed, Apr 16, 2014 at 1:57 PM, John R Levine <johnl@taugh.com 
> <mailto:johnl@taugh.com>> wrote:
>
>     How do I distinguish the nice mailing lists at ietf.org
>     <http://ietf.org> from random evil spammer domains sending spam
>     with List-ID headers?
>
>     Every proposal I've seen like this ends up tripping over the fact
>     that there is no technical way to distinguish between mail from
>     real mailing lists and spam that looks like it's from mailing
>     lists.  Hence you need a whitelist for the real mail, at which
>     point all of the mechanism beyond the key for the whitelist
>     (probably a DKIM signature) is superfluous.
>
>
> Let's assume for the moment that a whitelist is the only option.  
> (Pete made a different suggestion that I haven't read fully yet, for 
> example.)  Do you envision each operator maintaining its own 
> whitelist, or one or more public registries of them, or something else?
>
> It may be the case that it's the only way, but if so, then someone 
> needs to write down some how-tos on this as well.  May as well begin 
> to develop that idea.
>
>
Well... yahoo, aol, and others DO keep whitelists now - and various 
mechanisms for getting on them.  Yahoo doesn't, however, seem to apply 
their whitelisting methods to their own mail that's passed through 
DMARC.  Hmmm.....

Miles

-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra