Re: DMARC and ietf.org

Hector Santos <hsantos@isdg.net> Mon, 21 July 2014 19:10 UTC

On 7/20/2014 10:51 PM, John Levine wrote:
>>> I thought the preferred solution was to rewrite the From for
>>> those users only.
>>
>> I think that remains controversial. ...
>
> There is no consensus at all on how mailing lists should deal with
> DMARC problems.

Not quite, John.

The specific DMARC protocol aside, with any author domain policies in
general, whether it was SSP, ADSP or any DKIM author domain signing
authorization protocol (DSAP), there was a consensus RFC built document
that provided the basic guideline for mailing list operations in dealing
with restrictive DKIM signing policies. It used ADSP as the "DSAP" of
the day. But replace ADSP with DMARC and the design recommendations apply:

    RFC6377  DomainKeys Identified Mail (DKIM) and Mailing Lists
    http://tools.ietf.org/html/rfc6377

And overall, the basic guideline was to support the framework, not
ignore it as if it never existed and instead push for breaking the
security protocol.

As a LIST developer and implementor of the "DSAP" protocol, it was simple:

  1) Deny Restrictive Domains from Subscribing
  2) Deny Restrictive Domains from List Submission
  3) Pottery Principle "You break it, you own it" - Re-sign mail

That is all at the top level that needed to be done and all the above 
really has nothing to do with a mailing list but the mail receiver 
verifier and the outbound mail server.

This is about not wanting to do a basic author domain signature 
authorization lookup for any kind of mail service.

-- 
HLS
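
The following is an added illustration and is not part of the original message or of any list software it mentions: a sketch of the author domain policy lookup behind steps 1 and 2, using DMARC as the "DSAP". The DNS answers are constructed sample data, treating `p=reject` and `p=quarantine` as "restrictive" is an assumption, the function names are hypothetical, and organizational-domain fallback and step 3 (re-signing) are left out.

```python
from email.utils import parseaddr

# Constructed TXT answers standing in for DNS lookups at _dmarc.<domain>.
SAMPLE_DNS = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "_dmarc.quar.example": "v=DMARC1;p=quarantine ; pct=100",
    "_dmarc.open.example": "v=DMARC1; p=none",
    "_dmarc.broken.example": "p=reject; v=DMARC1",  # v= must come first, so invalid
}

RESTRICTIVE = {"reject", "quarantine"}  # assumption: what the list treats as restrictive


def parse_dmarc(txt):
    """Return the tag/value dict of a DMARC record, or None if it is not one."""
    tags = []
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.append((name.strip().lower(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)


def author_policy(from_header, lookup=SAMPLE_DNS.get):
    """Published policy of the author domain: 'reject', 'quarantine' or 'none'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    record = parse_dmarc(lookup("_dmarc." + domain) or "")
    if record is None:
        return "none"  # no valid record published: nothing to enforce
    policy = record.get("p", "none").lower()
    return policy if policy in RESTRICTIVE else "none"


def list_gate(from_header, action):
    """Steps 1 and 2: refuse 'subscribe' and 'post' for restrictive author domains."""
    if action not in ("subscribe", "post"):
        raise ValueError("unknown action: " + action)
    return "deny" if author_policy(from_header) in RESTRICTIVE else "accept"
```

In a deployment the `lookup` argument would be replaced by a real DNS TXT query, and the check would run in the receiving mail server before the list software sees the message.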