Re: DMARC: perspectives from a listadmin of large open-source lists

S Moonesamy <sm+ietf@elandsys.com> Tue, 08 April 2014 19:29 UTC

Date: Tue, 08 Apr 2014 11:55:58 -0700
To: "John R Levine" <johnl@taugh.com>
From: S Moonesamy <sm+ietf@elandsys.com>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <alpine.BSF.2.00.1404081325130.76892@joyce.lan>
References: <robbat2-20140408T031810-279861577Z@orbis-terrarum.net> <alpine.BSF.2.00.1404072357400.73388@joyce.lan> <01P6EEIPML6600004W@mauve.mrochek.com> <6.2.5.6.2.20140408101346.0ccb5e88@resistor.net> <alpine.BSF.2.00.1404081325130.76892@joyce.lan>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/kNahEgFDRU1lnDeE8LnjIIFBtHU
Cc: ietf@ietf.org

Hi John,
At 10:34 08-04-2014, John R Levine wrote:
>I've never been a big fan of RFC 6377, but this bit seems relevant 
>since strict ADSP policies had pretty much the same problems as 
>strict DMARC policies.

Strict ADSP policies do cause problems.

>    For domains that do publish strict ADSP policies, the originating
>    site SHOULD use a separate message stream (see Section 2.5), such as
>    a signing and Author subdomain, for the "personal" mail -- a
>    subdomain that is different from domain(s) used for other mail
>    streams.  This allows each to develop an independent reputation, and
>    more stringent policies (including ADSP) can be applied to the mail
>    stream(s) that do not go through mailing lists or perhaps do not get
>    signed at all.
>
>As far as I know, the "participating MLM" thing has never been 
>implemented, which makes the C in BCP rather suspect.  My own MLM 
>signs the outgoing mail and adds an Authentication-Results: header, 
>but largely by default because it's embedded in a mail system that 
>does those things.

There was a message stating that the IETF implemented support for DKIM
(http://www.ietf.org/mail-archive/web/ietf-announce/current/msg09173.html).
Given that there is an existing BCP about DKIM and mailing lists, it
might be assumed that the IETF is following it.  There is a
recommendation in the BCP to reject some types of messages.

My mailing list implementation does not break DKIM signatures.  I 
would not describe it as a "participating MLM" as the postmaster does 
not follow some of the recommendations in that BCP. :-)

>Just today I did modify it so that any list mail with a From:
>address @yahoo.com is rewritten to @yahoo.com.INVALID.  That's the
>least intrusive way I've been able to come up with to mitigate the
>damage. It's also similar to what RFC 6858 suggests for delivering
>EAI mail to systems that can't handle EAI, which is a vaguely similar problem.

I found some other domains which implemented DMARC as described at
http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html.  I
suggest taking that into account if you haven't already done it.

Regards,
S. Moonesamy
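
The From: rewrite described in the quoted text, generalized from @yahoo.com to any domain whose DMARC record publishes p=reject, as the reply suggests. This is an added example, not code from either poster's list software; the DMARC records are constructed sample data (no DNS lookup is made) and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import formataddr, getaddresses

# Constructed sample of cached _dmarc TXT records (illustrative contents).
DMARC_RECORDS = {
    "yahoo.com": "v=DMARC1; p=reject; pct=100",
    "example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
    "example.net": "v=spf1 -all",  # not a DMARC record, must be ignored
}


def dmarc_policy(txt):
    """Return the p= tag of a DMARC TXT record, or None if it is not one."""
    pairs = [p.partition("=") for p in txt.split(";") if p.strip()]
    tags = [(name.strip().lower(), value.strip()) for name, _, value in pairs]
    # The version tag must come first and be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags).get("p", "").lower() or None


def strict_domains(records):
    """Domains whose policy is p=reject (assumed meaning of 'strict' here)."""
    return {d.lower() for d, txt in records.items()
            if dmarc_policy(txt) == "reject"}


def rewrite_from(msg, domains):
    """Append .INVALID to From: addresses in `domains`; True if changed."""
    rewritten, changed = [], False
    for name, addr in getaddresses(msg.get_all("From", [])):
        local, at, domain = addr.rpartition("@")
        # Domain match is case-insensitive; the display name is preserved.
        if at and domain.lower() in domains:
            addr, changed = f"{local}@{domain}.INVALID", True
        rewritten.append(formataddr((name, addr)))
    if changed:
        del msg["From"]
        msg["From"] = ", ".join(rewritten)
    return changed


if __name__ == "__main__":
    # Constructed list post from an author at a p=reject domain.
    post = message_from_string(
        "From: Alice Example <alice@yahoo.com>\n"
        "To: list@lists.example.org\nSubject: test post\n\nbody\n")
    rewrite_from(post, strict_domains(DMARC_RECORDS))
    print(post["From"])
```

An already rewritten address no longer matches the domain set, so running the function twice on the same message leaves it unchanged.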