Re: [dmarc-ietf] IETF Mailing Lists and DMARC

Brandon Long <blong@google.com> Thu, 03 November 2016 22:39 UTC

From: Brandon Long <blong@google.com>
Date: Thu, 03 Nov 2016 15:39:22 -0700
Message-ID: <CABa8R6vTX=agyoUsUMXqS11R8eUC-shosb09CT=h0h1i1C5kmA@mail.gmail.com>
Subject: Re: [dmarc-ietf] IETF Mailing Lists and DMARC
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/fpNWVNYafgn33ykaYtVKGjc88CA>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "dmarc@ietf.org" <dmarc@ietf.org>, IETF <ietf@ietf.org>, Cullen Jennings <fluffy@iii.ca>

On Wed, Nov 2, 2016 at 3:19 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> On 03/11/2016 10:58, Brandon Long wrote:
> > With the understanding that my email is unlikely to be received by some of
> > those having issues...
> >
> > Let us assume that those who specify p=REJECT have a good reason for doing
> > so, and that after 2-3 years, they are unlikely to change back.
> >
> > Let us also assume that the members of these organizations who are
> > participating in IETF may or may not have any power over whether their
> > admins have decided to be p=REJECT.
> >
> > And let us assume that we want these folks to participate in IETF.
>
> Let me stop you right there. Yes, we want everybody to be free to
> participate in the IETF, and presumably those people want to participate
> in the IETF. But participants have to be able to use the tools that the
> IETF has chosen, which includes mailing lists. That's always been true.
> (In 1992, when I started in the IETF, it meant knowing how to subscribe
> to a majordomo list. Today, subscribing is a bit easier, but it means
> avoiding the DMARC trap.)
>
> So such participants need to use an email sending address that works
> with IETF mailing lists.
>
> yahoo.com and google.com don't work properly with IETF mailing lists.
> Fortunately, very fine alternatives are available, such as gmail.com.
> (gmail's spam learning is even smart enough to work around p=reject,
> as it did for this very message that I'm replying to.)
>
> I think Michael Richardson made a very valid point. If our mailing
> list software detects a sender whose domain has p=reject, we *know*
> that the forwarded message will fail DMARC validation. So there's a
> strong case for rejecting the message immediately, so that the sender
> can be told about the problem and can choose a different sending address.
> Presumably, we'd only need to do this until ARC is deployable.
>

If enforcement of DMARC was universal (or nearly so), sure.  Except, it's not.
As you said, Gmail didn't enforce it in this instance.

Rejecting the messages is definitely an option.  As stated down thread, I
wouldn't think it's the best choice for the members.

Brandon
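
The list-side check discussed in the quoted text (detecting that a poster's domain publishes p=reject before the list forwards the message), as an added example that is not part of this message or of any mailing list software. The names `effective_policy`, `list_action` and `lookup`, and the sample domains and records, are constructed for illustration; DNS is replaced by an inline table, and the organizational domain is passed in by the caller rather than derived from the Public Suffix List.

```python
# Added illustration: decide whether a list should bounce a post because the
# author's domain publishes DMARC p=reject. DNS is a constructed table so the
# example runs offline; names and records here are hypothetical.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if not DMARC1."""
    # RFC 7489: the first tag must be v=DMARC1, otherwise the record is ignored.
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def effective_policy(from_domain, org_domain, lookup):
    """Policy for from_domain: its own record, else the organizational
    domain's record, where sp= (if present) overrides p= for subdomains."""
    record = lookup("_dmarc." + from_domain)
    tags = parse_dmarc(record) if record else None
    if tags is not None:
        return tags.get("p", "none").lower()
    if from_domain != org_domain:
        record = lookup("_dmarc." + org_domain)
        tags = parse_dmarc(record) if record else None
        if tags is not None:
            return tags.get("sp", tags.get("p", "none")).lower()
    return "none"

def list_action(from_domain, org_domain, lookup):
    """Return 'bounce' when the author's domain publishes reject, else 'accept'."""
    policy = effective_policy(from_domain, org_domain, lookup)
    return "bounce" if policy == "reject" else "accept"

# Constructed sample records (not real DNS data).
SAMPLE_DNS = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "_dmarc.relaxed.example": "v=DMARC1; p=none",
    "_dmarc.parent.example": "v=DMARC1; p=none; sp=reject",
    "_dmarc.notdmarc.example": "v=spf1 -all",
}
```

The result reflects only what the domain publishes; as the reply above points out, receivers do not enforce the published policy uniformly.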