Re: Do we actually want to do anything about DMARC?
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 15 August 2016 14:53 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A18E12D6AF for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 07:53:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.148
X-Spam-Level:
X-Spam-Status: No, score=-3.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uO_mIap4d1Mr for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 07:53:25 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8262E128E19 for <ietf@ietf.org>; Mon, 15 Aug 2016 07:53:25 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 406A9203AD; Mon, 15 Aug 2016 11:04:23 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id A68E8639DC; Mon, 15 Aug 2016 10:53:24 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: John Levine <johnl@taugh.com>
Subject: Re: Do we actually want to do anything about DMARC?
In-Reply-To: <20160815012208.8845.qmail@ary.lan>
References: <20160815012208.8845.qmail@ary.lan>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Mon, 15 Aug 2016 10:53:24 -0400
Message-ID: <32352.1471272804@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/XS94pnK3FwwWUA3NtuqeNrQGx6A>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2016 14:53:27 -0000
John Levine <johnl@taugh.com> wrote: >> I agree strongly with you: the IETF needs to do something in some >> direction. >> >> That something could be to properly reject email with a DMARC policy >> that does not permit forwarding. That would piss off an awful lot of >> IETF participants, but it would be simple, since it requires no >> protocol changes, just social changes. > Hmmn, the one approach that is unambiguously worse than doing nothing, Good, we agree about this, but, I still think we need to lead with a carrot (new DMARC spec to solve the problem), and a stick (date at which we will comply to DMARC) > since it would confirm every worst fear that we're more interested in > playing purity games than in getting work done. That's one way to look at it, and I'm not saying it's wrong. I think it shows that we actually care about the contents of our specifications, and that we actually expect others to. > If we actually want to do something, we should decide what to do and do > it. > It's not like there's any mystery about what the options are. This > page in the old ASRG wiki lists them all and hasn't changed in ages: > http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail > The options built into mailman 2 are: > * moderate or reject DMARC'ed submissions > * rewrite the From: line with the list address > * wrap messages sort of like one-message digests Hah. So this is the same debate 6man has about IPv6 Extension Header insertion :-) > Personally, I think those are all pretty bad, so we should do something > else. (If I had to pick one, I'd pick the last one since it's the > easiest to undo on the way in.) It's been like two years that I said the same thing. > My preferred approach until ARC is usable is to rewrite the From: > address to a legible forwarding address. The IETF already handles a > bazillion forwarding addresses for I-D and RFC authors, so I'd think it > wouldn't be terribly hard to adapt that. You don't have to change any > mailman code; you can do everything in a shim between the list manager > and the outgoing postfix submission program. I call this NAT for email. I'd rather do IPIP for email and wrap the messages. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- Re: DMARC and ietf.org =JeffH
- Re: Do we actually want to do anything about DMAR… John Levine
- Re: DMARC and ietf.org John Levine
- Re: Do we actually want to do anything about DMAR… Brian E Carpenter
- Re: DMARC and ietf.org S Moonesamy
- Re: Do we actually want to do anything about DMAR… ned+ietf
- Re: Do we actually want to do anything about DMAR… John R Levine
- Re: Do we actually want to do anything about DMAR… Michael Richardson
- Re: Do we actually want to do anything about DMAR… Theodore Ts'o
- Re: DMARC and ietf.org Rich Kulawiec
- Re: Do we actually want to do anything about DMAR… Alessandro Vesely
- Do we actually want to do anything about DMARC? John Levine
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org S Moonesamy
- Re: DMARC and ietf.org Viktor Dukhovni
- Re: list managers, was DMARC and ietf.org John R Levine
- Re: DMARC and ietf.org Theodore Ts'o
- ARC (was - Re: DMARC and ietf.org) Dave Crocker
- Re: DMARC and ietf.org Theodore Ts'o
- Re: DMARC and ietf.org John R Levine
- Re: DMARC and ietf.org Ted Lemon
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org Andrew G. Malis
- Re: DMARC and ietf.org =JeffH
- Re: DMARC and ietf.org John Payne
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org John Payne
- Re: DMARC and ietf.org Miles Fidelman