RE: [IETF] DMARC methods in mailman

"Christian Huitema" <huitema@huitema.net> Tue, 27 December 2016 02:03 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C700129952 for <ietf@ietfa.amsl.com>; Mon, 26 Dec 2016 18:03:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aVlpRcwEh0bE for <ietf@ietfa.amsl.com>; Mon, 26 Dec 2016 18:03:21 -0800 (PST)
Received: from mx36-42.antispamcloud.com (mx36-42.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69E7012994E for <ietf@ietf.org>; Mon, 26 Dec 2016 18:03:21 -0800 (PST)
Received: from xsmtp12.mail2web.com ([168.144.250.177]) by mx36.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.86) (envelope-from <huitema@huitema.net>) id 1cLh6l-00080y-Uk for ietf@ietf.org; Tue, 27 Dec 2016 03:03:20 +0100
Received: from [10.5.2.13] (helo=xmail03.myhosting.com) by xsmtp12.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1cLh6k-0005CK-Ah for ietf@ietf.org; Mon, 26 Dec 2016 21:03:19 -0500
Received: (qmail 23742 invoked from network); 27 Dec 2016 02:03:17 -0000
Received: from unknown (HELO icebox) (Authenticated-user:_huitema@huitema.net@[172.56.39.197]) (envelope-sender <huitema@huitema.net>) by xmail03.myhosting.com (qmail-ldap-1.03) with ESMTPA for <ietf@ietf.org>; 27 Dec 2016 02:03:17 -0000
From: "Christian Huitema" <huitema@huitema.net>
To: "'John Levine'" <johnl@taugh.com>, <ietf@ietf.org>
References: <20161226205249.rneaenhh5c2dcpz4@thunk.org> <20161227013401.11378.qmail@ary.lan>
In-Reply-To: <20161227013401.11378.qmail@ary.lan>
Date: Mon, 26 Dec 2016 18:03:07 -0800
Message-ID: <03e401d25fe5$5f32a5f0$1d97f1d0$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQH5Ivjf6x65xaXBlA5BnUoJGPyqcKDNgd6A
Content-Language: en-us
Subject: RE: [IETF] DMARC methods in mailman
X-Originating-IP: 168.144.250.177
X-SpamExperts-Domain: xsmtpout.mail2web.com
X-SpamExperts-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.28)
X-Filter-ID: s0sct1PQhAABKnZB5plbIVbU93hg6Kq00BjAzYBqWlVTHAar8Je/lORhy3PZJU8LERWeKKG4PAQY Nyavp7c49L/N1imVzxQGuMdyq1ILpVFTugiLDom8V25hond3K4RsO76XSTAwtV4mg4i2ouCDa4AU hvIWAV5xUW/+gAh4vXoSPO2AuSaDIOAgQBMRa9FiRcOb18WfxGyg6Om6u4YYm0RLqmu7XH6RkBvL FpqJ2Z05hjoyEb9Oq0NWpyO3vrfYNrJwCbVSZviV1vzVlxiUlT3dKxLhoxcmaInYbR5vlqGudzLe k2TYFBStSOMccbr5Uz0sPgnpAk2KA2vJwMd1uWhCmLzOxTAcQmFWVARhgNqBNFD3an3wiMp49rVr ybSBe34TY+s3lj/RgDQoaICKQxQRCdMNhge1Unb77YyuZq5Py1EWir4TCwAJ3a/YpU2HRBdQ80wr wyng3wNtDYr6IWSdEOMftBjsWb6BDQzjSsEw7+KMtoemwN8keIAcPKMBBQ67muZNm3G2c8/Pjjqy k0k0bdVHmDm5y9NcoZdM30MpNkbYYJ8YZ7d5zi74j6F/pxvnk7PJGygctl3LC86in/6DwZpjxPTx I2S/vwoydU3rc+Iv2rc9L0aEB794CHU7QkUmTDfMv/tVj9RPDK26f1ZS3ljmeFVRIgA8pd5GE2NV TgVI3tePcP+0TP9kyYEY8TWpreAnukXR+i5LByI3DQeYUOp7A73HI6oJg7w/VodqDS3jhFVyYvjB Ar8iUjNZzB9tfY+mOJVw0e2xMRa7D2P5RYOa/miinTReZ5OdasFBlor8ikxQTKPsYxS4ne8tDiOh r4KrVZqMhXrs69DDK9BqLkXGaznuCfaQ1w/JpOE=
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
X-Recommended-Action: accept
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/XR7hPySq5w41k4cB9gwvcCxaVnA>
Cc: tytso@mit.edu
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Dec 2016 02:03:23 -0000

On Monday, December 26, 2016 5:34 PM, John Levine wrote:
>>By that argument, there's no excuse for the big mailer providers for
>>bouncing List mail because of DMARC.  They could just reference the
>>List-ID field, and display something like this:
>>
>>    <From> via mailing list <list-id header contents>
>
> Great idea.  Because there is no possibility whatsoever that if mail
> systems did that, bad guys would put in fake List-IDs to get their
> phishes delivered.

Of course, they will. A system like that only works if the MUA is reasonably sure that the mail was in fact sent by the specified "sender", and that the sender was some reputable list forwarder that the user trusts.

But your mail and many comments on this lists point to the huge responsibility of the MUA with respect to phishing. Phishing is about duping the user by displaying misleading information. The effective defenses have to rely on proper user interface design, using all the information in the user context. Attempting to do that by just using network rules makes the network more complex, but cannot solve the problem.

-- Christian Huitema