Re: DMARC and ietf.org

"John Levine" <johnl@taugh.com> Wed, 20 July 2016 11:32 UTC

Date: Wed, 20 Jul 2016 11:32:14 -0000
Message-ID: <20160720113214.1389.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: DMARC and ietf.org
In-Reply-To: <BE67956E-7299-41D1-B8D6-B66AD18081D7@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/kbIxtyPMjJugOkGDljpkLo76DOA>

>We know that outgoing alias email still has the problem.  The Secretariat did some experiments with some additional headers
>(Resent-*) to alias mail.  They were not able to determine whether these headers helped destination servers or not.

I can promise you they don't.  There is a thing called ARC under
development that is intended to undo most of the DMARC damage.  The
large mail systems and the Mailman developers are all aware of it.

Until then, there's a range of workarounds that range from bad to
really unpleasant:

http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail

The most common (and in my view one of the worst) is to rewrite the
From: line to use the list's address, sometimes just addresses with
DMARC problems, sometimes for all addresses.  For this audience I
expect I don't have to explain why that's bad.

On my lists (which are in sympa rather than mailman, but with the
same issues) I do a per-author rewrite on DMARC'ed addresses, e.g.

 From: Ms Meyer <marissa@yahoo.com>

turns into

 From: Ms Meyer <marissa@yahoo.com.dmarc.fail>

That makes DMARC happy, and I set up forwards good for a few days
so replies generally work.  (Yes, dmarc.fail is a real domain.)

I'd be happy to talk to whoever maintains our Mailman to help do the
same thing.  Mine is implemented as a small shim between the list
software and the sendmail program, with no patches to the list manager
code.

R's,
John
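
A sketch of the per-author From: rewrite described in the message above, added here as an example; it is not John Levine's shim or any list manager's code. The function names, the choice to rewrite on p=reject or p=quarantine, and the in-memory DNS table are assumptions made so the example runs offline.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

SUFFIX = ".dmarc.fail"  # domain named in the post; its reply forwarding is not shown

# Constructed sample of _dmarc TXT records, standing in for live DNS lookups.
SAMPLE_DNS = {
    "_dmarc.yahoo.com": "v=DMARC1; p=reject; pct=100",
    "_dmarc.example.org": "v=DMARC1; p=none",
}


def dmarc_policy(domain, txt_lookup=SAMPLE_DNS.get):
    """Return the p= tag of the domain's DMARC record, or None if there is none.

    Narrowed for the example: no organizational-domain fallback and no sp= tag.
    """
    record = txt_lookup("_dmarc." + domain.lower())
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        return None  # not a DMARC record
    return tags.get("p")


def rewrite_from(raw_message, txt_lookup=SAMPLE_DNS.get):
    """Append SUFFIX to the author's domain only when its policy would reject
    or quarantine list mail (assumed trigger); other authors are left alone."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    local, sep, domain = addr.rpartition("@")
    if not sep or domain.lower().endswith(SUFFIX):
        return msg  # no usable address, or already rewritten
    if dmarc_policy(domain, txt_lookup) in ("reject", "quarantine"):
        msg.replace_header("From", formataddr((name, local + "@" + domain + SUFFIX)))
    return msg
```

In a real shim the lookup argument would be a function that queries DNS for the TXT record, and the rewritten message would then be handed to the sendmail program.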