Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions

Theodore Ts'o <tytso@mit.edu> Fri, 16 December 2016 20:27 UTC

Date: Fri, 16 Dec 2016 15:27:04 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Paul Wouters <paul@nohats.ca>
Subject: Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/a4iD9tVnrUMl5OJqOjcI3pSSdoY>
Cc: ietf@ietf.org

The real problem with all of these schemes is that as they make life easier
for the user, they also make life easier for the phishers.  So for
example, if we start adding a mail header field "this is *really* the
sender", or there is a standard way to parse it out of the comments of
the from field, then it will also provide a better user experience and
a better user interface to display that as the summary line of the
e-mail, and in the mail headers that are displayed for the user.

And the moment you do that, the phishers will use that to exploit
stupid users, and then there will be a DMARCv2 that will break that
field, and perhaps, break mailing lists again.  :-(

                                        - Ted