Re: DMARC: perspectives from a listadmin of large open-source lists

Doug Barton <dougb@dougbarton.us> Sun, 13 April 2014 20:28 UTC

Return-Path: <dougb@dougbarton.us>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDC4D1A02D2 for <ietf@ietfa.amsl.com>; Sun, 13 Apr 2014 13:28:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.426
X-Spam-Level:
X-Spam-Status: No, score=0.426 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bNWhrWHFaXuJ for <ietf@ietfa.amsl.com>; Sun, 13 Apr 2014 13:28:52 -0700 (PDT)
Received: from dougbarton.us (dougbarton.us [IPv6:2607:f2f8:ab14::2]) by ietfa.amsl.com (Postfix) with ESMTP id D5ECC1A02CA for <ietf@ietf.org>; Sun, 13 Apr 2014 13:28:52 -0700 (PDT)
Received: from [192.168.2.19] (unknown [99.17.31.1]) by dougbarton.us (Postfix) with ESMTPSA id B8F3222C1F for <ietf@ietf.org>; Sun, 13 Apr 2014 20:28:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dougbarton.us; s=dougbarton.us; t=1397420930; bh=UTZlky4cYmU6JNOxJm3sakToBTaF5ddZdCE6CKqA9FI=; h=Date:From:To:Subject:References:In-Reply-To; b=O2LzSXr0aA00t4it/wCA7KnRjP/bsKl2XBciDM5h5KlhNZZY7sB1G1tmdwBAwQEe/ T7oGm5KGjK0ELJ2tUQvgJwxuCNIiwOTpaiOj30BVRQ44eZ2sHDymP7go0xOfjhcXKk +rHaScH+yEg0qkp/gFPZZ3T3ia0+4H+BFqgjpfO8=
Message-ID: <534AF382.1030806@dougbarton.us>
Date: Sun, 13 Apr 2014 13:28:50 -0700
From: Doug Barton <dougb@dougbarton.us>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <robbat2-20140408T031810-279861577Z@orbis-terrarum.net> <alpine.BSF.2.00.1404072357400.73388@joyce.lan> <E2D6EA08-144D-4DB3-ABFC-6F98AF3C588F@me.com>
In-Reply-To: <E2D6EA08-144D-4DB3-ABFC-6F98AF3C588F@me.com>
X-Enigmail-Version: 1.6
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/eeN4nczG9ZHl0sxqjgApNCdEt-Y
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Apr 2014 20:28:57 -0000

On 04/07/2014 10:06 PM, Sabahattin Gucukoglu wrote:
> On 8 Apr 2014, at 05:21, John R Levine <johnl@taugh.com> wrote:
>> Mailing list apps can't "implement DMARC" other than by getting rid of every feature that makes lists more functional than simple forwarders. Given that we haven't done so for any of the previous FUSSPs that didn't contemplate mailing lists, because those features are useful to our users, it seems unlikely we'll do so now.
>
> Well,  Mailman 2.1.16 has the FROM_IS_LIST feature that "Fixes" the problem by putting the list address in the From: field.  That seems to work, except that you lose information (the sender's address) if the list wants to operate a policy of "Reply goes to list".  You can then assure that DKIM signatures are valid and set up SPF, etc.  This also has the effect of letting you operate through the various cloud email platforms that try to validate sender addresses.

I haven't seen this suggestion anywhere yet, although I don't follow 
DMARC development, but here goes ...

Building on the FROM_IS_LIST idea, rather than having the From be 
rewritten to simply "list@example.com" why not establish a convention 
(dare I say "standard?") to encode the real from address and list to the 
left of the @ sign? The rub with DMARC/SPF/DKIM is the domain itself, 
not the whole address.

Something like user.name-at-realsenderdomain.tld%list@example.com would 
work. I'm sure others could come up with better suggestions. In this way 
the identity of the sender is preserved, and the sending domain of the 
message satisfies the anti-spam tools. MUAs could then be adapted to 
decode the addresses in this form and show a "real" fake From field.

Given that tools like DMARC more or less work for everything but mailing 
lists (I'm being generous here in the interests of re-framing the 
discussion into solutions instead of griping), and given that mailing 
lists constitute a tiny percentage of overall e-mail traffic, I think 
that the solutions to this problem are going to lie with the mailing 
list software vendors. I think the above would work, but I'm not an 
expert in this area so feel free to tell me why I'm wrong.

Doug