Re: DMARC: perspectives from a listadmin of large open-source lists

S Moonesamy <sm+ietf@elandsys.com> Mon, 14 April 2014 09:39 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 485C91A03A8 for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 02:39:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.163
X-Spam-Level:
X-Spam-Status: No, score=-0.163 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.272, T_DKIM_INVALID=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KuGh3zUV04nu for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 02:39:11 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id BED1B1A0298 for <ietf@ietf.org>; Mon, 14 Apr 2014 02:39:11 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.224.146.211]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s3E9ct08010474 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 14 Apr 2014 02:39:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1397468348; bh=SXoTz9GvFsReA1Ft3aF8NXD8et+CSDJlJdvz7BfXrmY=; h=Date:To:From:Subject:In-Reply-To:References; b=iFcrc4NkzK7BfGdScQooie4xsv0djFgJgnftrZ3PY0utzlopPQWRYUNjOwfMfcFxD Q9m2EHmzcK4EGyV8zmfHTYx0VoOyCUGESwhLxvE6LALL+3yoSmjBP1e4Ck9Au87T8H VoHGpymnO3vXFIZsbYYEYpR0yNyJfMeN9gFqnMpw=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1397468348; i=@elandsys.com; bh=SXoTz9GvFsReA1Ft3aF8NXD8et+CSDJlJdvz7BfXrmY=; h=Date:To:From:Subject:In-Reply-To:References; b=yBu3v4ZocRQQLj/vnhQcQDmbTmutnNkORksTfxOfJi0fIV0U+u/EqdZPKRXwX2wuK 4oHf8mH95c23RrvvYAdwtiM8G7nV4MZ9lRahxtyi9IcvX1K35070AhAk83+EUKrxyq MhINJ/ps8jYuikhKpyHmNIxJc/pDYax8h8gPtACs=
Message-Id: <6.2.5.6.2.20140413225142.0c3d3158@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Mon, 14 Apr 2014 00:38:28 -0700
To: Alessandro Vesely <vesely@tana.it>, ietf@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <5347C698.6040108@tana.it>
References: <robbat2-20140408T031810-279861577Z@orbis-terrarum.net> <alpine.BSF.2.00.1404072357400.73388@joyce.lan> <01P6EEIPML6600004W@mauve.mrochek.com> <6.2.5.6.2.20140408101346.0ccb5e88@resistor.net> <alpine.BSF.2.00.1404081325130.76892@joyce.lan> <5347C698.6040108@tana.it>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/a9RP4Z01p2CdHX-aHMzTe9JwskY
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 09:39:16 -0000

Hi Alessandro,
At 03:40 11-04-2014, Alessandro Vesely wrote:
>Please feel free to amend that page at your leisure.

"Big, popular brands are often used in phishing and scam email 
attacks and I'm sure you've seen some of them first hand" [1].  DMARC 
is a technology that provides brand protection.  Let's say that you 
work for cs.helsinki.fi.  cs.helsinki.fi currently publishes a policy 
to protect its brand.  If you use that domain name to send a message 
to ietf@ietf.org, cs.helsinki.fi will reject that message.  Several 
big companies will also reject that message.

The suggestion is to have the ietf.org mail service rewrite the 
domain part in the "From:" header as cs.helsinki.fi.invalid.  The 
ietf.org mail service is not doing that at the moment.  The mail 
service does not have to do that as the collateral damage is 
considered as acceptable.  The rewrite will cause other problems.

Email is like the Titanic.

Regards,
S. Moonesamy

1. 
http://www.symantec.com/connect/blogs/introducing-dmarc-validation-email-securitycloud