Re: DMARC: perspectives from a listadmin of large open-source lists

"John Levine" <johnl@taugh.com> Sun, 13 April 2014 21:10 UTC

From: "John Levine" <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <534AF382.1030806@dougbarton.us>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/UGU3_a7hp0eUBOswUFoF3PP0-9A

>Building on the FROM_IS_LIST idea, rather than having the From be 
>rewritten to simply "list@example.com" why not establish a convention 
>(dare I say "standard?") to encode the real from address and list to the 
>left of the @ sign? The rub with DMARC/SPF/DKIM is the domain itself, 
>not the whole address.

This is a minor tweak of the "authenticated phish via on-behalf-of" proposal.

Spammers can send mail that looks a lot like mailing lists, you know.

 From: Paypal Security <security@paypal.com.lists.rbn.ru>

But wait, I have an even better idea. Nobody ever thought of this one!

 From: Paypal Security <security%paypal.com@lists.rbn.ru>

R's,
John

PS: You can safely assume that any possible workaround for mailing
list From: lines has been invented, argued about, and discarded at
least a dozen times already.  The response to pretty much all of them
is that you have to know it's a real mailing list to trust the hack,
but if you know it's a real mailing list, just deliver the fripping
mail.
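
Added example, not part of the original message: a receiver-side check showing why both From: lines above can pass DMARC relaxed alignment for the sending domain while still spelling out another domain, and how a filter can flag that. The public-suffix set, the watch list, the signing domain `lists.rbn.ru` and all function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Constructed stand-ins (assumptions): a tiny public-suffix set instead of the
# real Public Suffix List, and a watch list of domains to protect.
PUBLIC_SUFFIXES = {"com", "net", "org", "ru"}
PROTECTED = {"paypal.com"}

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)

def relaxed_aligned(from_domain, signing_domain):
    """DMARC relaxed alignment: same organizational domain on both sides."""
    return org_domain(from_domain) == org_domain(signing_domain)

def embedded_domains(header_from):
    """Protected domains spelled out in the address that are not its real domain."""
    _, addr = parseaddr(header_from)
    addr = addr.lower()
    real = org_domain(addr.rpartition("@")[2])
    hits = set()
    for name in PROTECTED:
        # Match the name as a whole token, in the local part or as leading labels.
        token = r"(?<![a-z0-9-])" + re.escape(name) + r"(?![a-z0-9-])"
        if name != real and re.search(token, addr):
            hits.add(name)
    return hits

def assess(header_from, signing_domain):
    """Return (DMARC-aligned?, embedded protected names) for one message."""
    domain = parseaddr(header_from)[1].rpartition("@")[2]
    return relaxed_aligned(domain, signing_domain), embedded_domains(header_from)

if __name__ == "__main__":
    # From: lines taken from the message above; the signing domain is an assumption.
    for line in ("Paypal Security <security@paypal.com.lists.rbn.ru>",
                 "Paypal Security <security%paypal.com@lists.rbn.ru>"):
        print(line, assess(line, "lists.rbn.ru"))
```

Both sample lines come back aligned with the signing domain and flagged for the embedded name, so a passing DMARC result here only authenticates the domain to the right of the @ sign.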