Re: (DMARC) Why mailing lists are only sort of special

Yoav Nir <ynir.ietf@gmail.com> Thu, 17 April 2014 13:27 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007D31A013C for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 06:27:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WLbPe1aMEx8c for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 06:26:59 -0700 (PDT)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) by ietfa.amsl.com (Postfix) with ESMTP id 80DA91A015A for <ietf@ietf.org>; Thu, 17 Apr 2014 06:26:59 -0700 (PDT)
Received: by mail-wi0-f179.google.com with SMTP id z2so814363wiv.6 for <ietf@ietf.org>; Thu, 17 Apr 2014 06:26:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=z7VaWQJp6kRXZrBQPk3sXqop8RgMD1vG1un9lszHuyY=; b=Q2CEnHKxWcXvvNUinhbFsMJn8CBzDw7Gx203w2YejnLSLVjAvtR8rhg3qRZH1z7mUo YrBrBCEphC0lbp6cQa6IFFulqSTPJ8WaTxZVVHy03DONVQWUU5XFWo22eVoCBAc8y+/p p0172evYaXXmuS/wro30ECrCvoUmWbTLXklduccN0EoJcrbCDXJFnIOnFb3YxUUfCggq TTUuAhaalJFyTq50nl8plBYLIESPT4GW2ltysFxph2JtuL/FsWeWorcF0rhHndf4tk6B vOK6tgxejA38vAFHM7BmCB9/QQnZmLgmdCFpXyj0Rr6e7W6uihb29ZeyyOIdEAZ3AXEm Puig==
X-Received: by 10.180.206.36 with SMTP id ll4mr7508706wic.57.1397741215443; Thu, 17 Apr 2014 06:26:55 -0700 (PDT)
Received: from [172.24.248.99] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id bj5sm4904680wib.3.2014.04.17.06.26.54 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 17 Apr 2014 06:26:54 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: (DMARC) Why mailing lists are only sort of special
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20140417131134.5CEFC1ACCF@ld9781.wdf.sap.corp>
Date: Thu, 17 Apr 2014 16:26:52 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3DA69075-C8DB-4E40-8B2C-849AE05CCFF1@gmail.com>
References: <20140417131134.5CEFC1ACCF@ld9781.wdf.sap.corp>
To: mrex@sap.com
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/a7OmVGUy0QgsZgQxONmYrvIizcc
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 13:27:04 -0000

On Apr 17, 2014, at 4:11 PM, Martin Rex <mrex@sap.com> wrote:

> Yoav Nir wrote:
>> 
>> On Apr 17, 2014, at 9:35 AM, Dave Cridland <dave@cridland.net> wrote:
>>> 
>>> Right now, my MUA treats this as a message
>>> "From John R Levine <johnl@taugh.com>"m>". This means that any policy
>>> on the message origination comes from looking solely at the taugh.com
>>> domain. We'll pretend it has a DMARC policy. Herein lies the
>>> Yahoo/DMARC issue, because unless your policy essentially stipulates
>>> that the IETF is allowed to spoof you, we're stuck.
>> 
>> Then perhaps this is what needs to change. John R Levine did not send
>> you a message. He sent a message to the list. It is the list software
>> that sent you a message. So perhaps the From field should have been
>> ?From: IETF Mailing list on behalf of John R Levine <ietf@ietf.org>?g>?.
> 
> But that is EXACTLY what the IETF mailing list exploder *IS* doing
> exactly as it has been specified for ages:
> 
> https://tools.ietf.org/html/rfc822#section-4.4.2
> https://tools.ietf.org/html/rfc822#appendix-A.2
> 
> https://tools.ietf.org/html/rfc5322#section-3.6.2
> 
>            The "From:" field specifies the author(s) of the message,
>   that is, the mailbox(es) of the person(s) or system(s) responsible
>   for the writing of the message.  The "Sender:" field specifies the
>   mailbox of the agent responsible for the actual transmission of the
>   message. 
> 
>  From: Yoav Nir <ynir.ietf@gmail.com>
>  Subject: Re: (DMARC) Why mailing lists are only sort of special
>  Errors-To: ietf-bounces@ietf.org
>  Sender: ietf <ietf-bounces@ietf.org>
>  Date: Thu, 17 Apr 2014 13:50:30 +0300
>  Message-ID: <B3467912-BDCA-4AE8-9939-60013DA99267@gmail.com>
>  To: Dave Cridland <dave@cridland.net>
>  CC: "ietf@ietf.org" <ietf@ietf.org>
> 
> 
> Something as old as Outlook 2003 will properly display a message
> that is received with a "Sender:" as "<Sender> on behalf of <From>”

A client as new as Mail.app on Mac OS X 10.9 does not. 

Obviously the Sender: field is not where the DMARC implementations use for checking policy.

Yoav