Re: DMARC: perspectives from a listadmin of large open-source lists

Miles Fidelman <> Wed, 16 April 2014 12:21 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C62391A0145 for <>; Wed, 16 Apr 2014 05:21:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zmNnHiNdK7to for <>; Wed, 16 Apr 2014 05:21:49 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 58CAB1A014E for <>; Wed, 16 Apr 2014 05:21:47 -0700 (PDT)
Received: from localhost (localhost.localdomain []) by (Postfix) with ESMTP id DF89BCC0A8 for <>; Wed, 16 Apr 2014 08:21:43 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with LMTP id EnesxEs5QxTR for <>; Wed, 16 Apr 2014 08:21:35 -0400 (EDT)
Received: from new-host.home ( []) by (Postfix) with ESMTPSA id 0F17CCC0A5 for <>; Wed, 16 Apr 2014 08:21:35 -0400 (EDT)
Message-ID: <>
Date: Wed, 16 Apr 2014 08:21:34 -0400
From: Miles Fidelman <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
To: IETF general list <>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <alpine.BSF.2.00.1404160054290.40095@joyce.lan>
In-Reply-To: <alpine.BSF.2.00.1404160054290.40095@joyce.lan>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Apr 2014 12:21:52 -0000

John R. Levine wrote:
>> want to allow modification of the subject field (e.g., adding a tag)
>> and/or the body (e.g., adding header and footer) - then you might have
>> to be a little cleverer, perhaps by providing information about the
>> diffs in extra headers and doing a few comparisons at the receiving end
>> (subject tag = *****<original-signed-subject>).
> That's unlikely to be a productive direction to go.  We had a lot of 
> arguments about message modification when we were designing the DKIM 
> strict and loose message digests.  We never found a way to allow 
> subject tags that wouldn't also enable all sorts of abuse, and I don't 
> think we missed anything.
> The reasonable way to use DKIM with mailing lists has always been for
> the list to add its own signature, and to use the list signatures to
> develop a (presumably good) reputation for the list so its mail gets
> delivered.  See the signatures on the messages from this list for an
> example.

I was thinking about combining:
- two signatures: at origination, by the list manager
- adding an additional header, along the lines of "original-subject"
- allowing for:
-- not breaking validation of the originating signature
-- adding tags to the subject line (and copying the original subject to 
-- adding a new signature at the mailing list
-- validating the original signature at receipt (just using the 
original-subject header in place of the tagged subject line)
-- doing a diff on the two subject lines to validate that the only thing 
added was a text tag before the original subject

Doesn't address the non-aligned From: header issue, but does reduce one 

In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra