Re: DMARC: perspectives from a listadmin of large open-source lists

Pete Resnick <presnick@qti.qualcomm.com> Wed, 16 April 2014 11:34 UTC

Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9011A012A for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 04:34:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.373
X-Spam-Level:
X-Spam-Status: No, score=-3.373 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_16=0.6, J_CHICKENPOX_21=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UFpDsn0K7jWA for <ietf@ietfa.amsl.com>; Wed, 16 Apr 2014 04:34:32 -0700 (PDT)
Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) by ietfa.amsl.com (Postfix) with ESMTP id 9D86B1A010B for <ietf@ietf.org>; Wed, 16 Apr 2014 04:34:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1397648069; x=1429184069; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=lTvNRpq2xBaT0FXRDg5c8r6Wj3Z64Xy0r3e4rUwLwRY=; b=u3S04RKnWXzeItUXfJMFbCKQWE4Qrr5YjCU7MppqM5kuxrAVgZXPbjVs Pc1EBUN0HQ3EHTbLHKmgOCwT6P+WyUQGUvvLNCwxhlZTiIpUYf/up4pbm 6pkoxM8XPDov4WM0W3fnw109kJ+n4fhuMlUztsU0PhMUrLeaB3azicGwL 0=;
X-IronPort-AV: E=McAfee;i="5400,1158,7409"; a="29137261"
Received: from ironmsg02-lv.qualcomm.com ([10.47.202.183]) by wolverine01.qualcomm.com with ESMTP; 16 Apr 2014 04:34:29 -0700
X-IronPort-AV: E=Sophos;i="4.97,871,1389772800"; d="scan'208";a="29453084"
Received: from nasanexhc04.na.qualcomm.com ([172.30.48.17]) by ironmsg02-lv.qualcomm.com with ESMTP/TLS/RC4-SHA; 16 Apr 2014 04:34:28 -0700
Received: from resnick2.qualcomm.com (172.30.48.1) by qcmail1.qualcomm.com (172.30.48.17) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 16 Apr 2014 04:34:34 -0700
Message-ID: <534E6AC1.7030709@qti.qualcomm.com>
Date: Wed, 16 Apr 2014 06:34:25 -0500
From: Pete Resnick <presnick@qti.qualcomm.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.1.9) Gecko/20100630 Eudora/3.0.4
MIME-Version: 1.0
To: Theodore Ts'o <tytso@mit.edu>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <534B524F.4050206@dcrocker.net> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <E0B7196CB2603B80BBEC21AF@JcK-HP8200.jck.com> <alpine.BSF.2.00.1404132346420.26386@joyce.lan> <1EBDF5239EEE5202D3837D25@JcK-HP8200.jck.com> <534B9760.90301@dougbarton.us> <6C80882F19CCEDFE15E987CA@JcK-HP8200.jck.com> <534BEF75.5060804@bbiw.net> <534DB093.5020507@qti.qualcomm.com> <534DBA0F.2050507@gmail.com> <20140415231720.GQ4456@thunk.org>
In-Reply-To: <20140415231720.GQ4456@thunk.org>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [172.30.48.1]
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/T823fjs5PWq2BjvOZ-FzZ5YMjSA
Cc: John C Klensin <john-ietf@jck.com>, ietf@ietf.org, Dave Crocker <dcrocker@bbiw.net>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 11:34:34 -0000

On 4/15/14 6:14 PM, Sabahattin Gucukoglu wrote:

>> There should be a mechanism for an author to send a message to a mailing list, granting the mailing list permission to redistribute that message, and have that permission conveyed to the mailing list recipient such that when the mailing list recipient receives the message, they can assure themselves that the originating domain is OK with that redistribution. Sounds like some protocol which could be written.
>>      
> That suffers the same problems as X-O-A-R: you have to know when to trust the intermediate.  In the absence of that knowledge, any message transformation is invisible to the recipient, and potentially malicious.  You would have to invent a scheme for identifying transformations, so users could verify them against the original sender's signature.
>    

Not necessarily. If the originator of the message sends to a mailing 
list, the originator's site should trust the mailing list to 
redistribute the message and make any transformations. (If you can't 
trust your users to make a decision on which lists to send to, that's a 
different thing.) If the originator's site is going to allow that, you 
could create a mechanism where the originator's site gets some sort of 
cryptographic data from the mailing list site and include that in its 
signed message, such that when the eventual recipient gets the message, 
it can verify that it came from a mailing list site that the originator 
explicitly sent the mail to. That doesn't require the originator's or 
the recipient's site to independently trust the mailing list. (It would, 
of course, be perfectly OK for the recipient's site to check that it's 
getting the list mail from an authorized site; that's separate from of 
the above.)

And again, this is only if the originator indicates that it *wants* to 
allow its users to have their mail redistributed. The site is well 
within rights to indicate that it doesn't want that to happen, and a 
friendly mailing list would bounce the mail in that case.


On 4/15/14 6:17 PM, Theodore Ts'o wrote:
> On Wed, Apr 16, 2014 at 11:00:31AM +1200, Brian E Carpenter wrote:
>    
>>> (If the originating domain is expressly *not* OK with the
>>> redistribution, the mailing list should bounce the message back to the
>>> author saying as much.)
>>>        
>> Isn't that exactly what p=reject implies? If so, the logical behaviour
>> for all list software would be to check the DMARC record for the
>> originating domain of each message, and bounce it if p=reject.
>>      

Yep.

> The question is which is more or less unfriendly?
>
> 1)  Forbidding yahoo.com users from participating on mailing lists
>
> 2)  Rewriting the from field of yahoo.com users.
>    

More or less friendly to whom? If yahoo.com says that it doesn't want 
mail from its users sent via other servers, it might be unfriendly to 
its users to bounce the mail, but it's pretty darn friendly to 
yahoo.com. (Imagine the question: "So, you say you don't want things 
with your users' addresses sent from my server. Are you OK with me 
rewriting your users' addresses with '.invalid' on the end and then 
sending them?") And it's much friendlier to eventual recipients of this 
mail to bounce it (forcing the originator to send from a different 
address) than to get a piece of mail that will cause them to get a 
bounce if they reply to it without noticing that there's a ".invalid" at 
the end.

The problem is that the current protocol is not rich enough to express 
everyone's intentions. Yahoo conceivably might want to say, "It's OK to 
receive mail from a yahoo.com user from a site that is redistributing a 
piece of mail that a yahoo.com user explicitly sent to it." But there's 
no way to say that in the protocol now. Given that, yahoo.com has made 
the current choice to say, "Reject all yahoo.com mail that comes from a 
site other than yahoo.com". That's a choice yahoo.com is free to make. A 
friendly mailing list is well within spec to honor that request by not 
redistributing the mail.

> I could easily see the mailing list software making this be
> configurable, so it's up to each mailing list admin.  :-)
>    

I think that's a perfectly reasonable thing to do.

pr

-- 
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478