Re: Mailing list membership.

Barry Leiba <barryleiba@computer.org> Thu, 02 March 2017 00:36 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5554412946C for <ietf@ietfa.amsl.com>; Wed, 1 Mar 2017 16:36:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.37
X-Spam-Level:
X-Spam-Status: No, score=-2.37 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.229, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id epXqqu6XRq53 for <ietf@ietfa.amsl.com>; Wed, 1 Mar 2017 16:36:38 -0800 (PST)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFE05129696 for <ietf@ietf.org>; Wed, 1 Mar 2017 16:36:38 -0800 (PST)
Received: by mail-io0-x230.google.com with SMTP id l7so43201402ioe.3 for <ietf@ietf.org>; Wed, 01 Mar 2017 16:36:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=H9Pth/Tu8gze+J5nH+WpbMU6jPkE9oiZhzvpihsQ0IY=; b=OJanaVPtuNG6oghp71u1DRWwQkS0R6rnTDkQYvBs1mvdfjW5zuwIGej6tCrqbO609a mXFZG+6Togs8Jij5chgnnRU4p8Jo+YOOcbYS9H5l3XKYKXd/7GgVsfO1yCbGD+4Fa1yg C5tzJ4PYy46KdSBBh2p/OC9ya1x0fs7Tn4JqzUamPsCnoQM34O4enIPwW8k6XVyXVSZf H5PEwqXazmAsnVRRXBnM7mtS9MXtRNn3NCnKNI76vA0q4xXPQWqIJdmNM2xW6Um8y2YE /3YQpEJCjqnczAfElVbTqkjG0dUJDtinIepN6YWbiOSvAKI/5bUhNkBfvsOTcC8HYFwU dk8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=H9Pth/Tu8gze+J5nH+WpbMU6jPkE9oiZhzvpihsQ0IY=; b=uasSagJGht5pcr4nGnW2TwC8c/x8HOrX/bCpZD0YaYu202LUqSg1oHCCVprb7RH+71 DtWaU9O4dyGn1K8TAsGsAWFTJz44BdHOhh2yHjv9fB+2CSUjWG2PFPNCQQywF4wQFw2x 0rQKLA0zoxCdvTvbFvg8TYb7qQbxPsdPlnzXA/k36cwq2bAjwJmgAixAsVGElzlM+zdn 8eK4URSKQPTHBso2MpXJMlQ7ZhlpGOkP5MX+JS2xOSUG8dogBQS+ZdayAGjgUYfChrXH 3rExUmaVD5O9ivYxRriKN4aL4kMv48rVqHTzGTOsLO3ilKEouZWsSU5ufdOdzO843yL4 aPLQ==
X-Gm-Message-State: AMke39lHJALDpvUS5QCld+nbvMBVHqnNFc8ZEAnO0S2Zh3nl0wrCQsT6onJpZYPVaGqX80DdEd6xdVrcHlOP1Q==
X-Received: by 10.107.187.133 with SMTP id l127mr11379953iof.1.1488414998064; Wed, 01 Mar 2017 16:36:38 -0800 (PST)
MIME-Version: 1.0
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.107.35.200 with HTTP; Wed, 1 Mar 2017 16:36:37 -0800 (PST)
In-Reply-To: <a66339b0-bdb8-c64a-55a5-83ff8cab59f3@riseup.net>
References: <6.2.5.6.2.20170226124145.0b7b38c0@elandnews.com> <20f0d769-1937-3256-e37b-9583399c11d3@riseup.net> <20170227011852.GA5403@mx4.yitter.info> <5850e685-2f97-2bdb-87e2-0c11830e1d1c@riseup.net> <HE1PR04MB14490315646CDD5CC7DC2DBCBD570@HE1PR04MB1449.eurprd04.prod.outlook.com> <ae531393-b622-a8b3-2cdd-65a4e99c6e9f@riseup.net> <HE1PR04MB14490DE8834559F6D9D05F7EBD570@HE1PR04MB1449.eurprd04.prod.outlook.com> <60cc8784-2815-32df-0cae-7adfffd0b549@riseup.net> <20170228051843.wkh5skthuyrs5pwz@thunk.org> <bea06868-c7b9-29ec-4f63-1adcca3b9698@riseup.net> <20170301044937.v3vhw3eqgqkxpoup@thunk.org> <cfb52458-8bb9-58fe-d80a-f1b17a6da6cc@comcast.net> <947BCD81-7F9C-4C2E-ADDE-D68DD2BF513A@gmail.com> <70ebe3f4-bae5-7b65-a8ba-b90fdc38dbb8@comcast.net> <C796CA13-8D43-4423-9559-B1B494AB50BE@tzi.org> <a66339b0-bdb8-c64a-55a5-83ff8cab59f3@riseup.net>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 01 Mar 2017 16:36:37 -0800
X-Google-Sender-Auth: ORVonwk-auOcj0Zw4J-H3bFknIo
Message-ID: <CAC4RtVC4YEs-yEK8cuKPxdn0kBwSosh+3K2-AGM3uAx-94U-Bw@mail.gmail.com>
Subject: Re: Mailing list membership.
To: willi uebelherr <willi.uebelherr@riseup.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/mEf2N4FjlUnmQ9r2F_0a5_RJj0A>
Cc: IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 00:36:40 -0000

> Super! But what are these attributes that bring the "DMARC honoring
> providers" to hiccup? (in German Schluckauf).

I'm not sure what you're asking, but let me explain "the DMARC
problem", in case that's what you want to know (and for any who aren't
already aware of it):

- Bob posts to a mailing list from <bob@example.com>, and example.com
is a domain that publishes a DMARC record with the "p=reject"
parameter.

- (The example.com domain does this because it doesn't like people to
send mail that says "From: <address@example.com>" when the mail is not
actually from an address at example.com.  It's a brand-protection
issue, to oversimplify a bit.)

- The mailing list prepends "[listname]" to the subject line, and
probably sticks some "from the mailing list" text at the end of the
message... and then sends it on to the subscribers, leaving the
"From:" line unchanged (so it still says <bob@example.com>).

- Carol and Ted and Alice are all mailing list subscribers, so each of
them is sent a copy of the message.

- Alice is <alice@nicedomain.example>, and nicedomain.example looks up
and honours DMARC records.

- The nicedomain.example mail server checks SPF.  It looks up the SPF
record for example.com and it sees that the IP address the mail is
coming from (which belongs to the list server) is not authorized to
send mail as example.com.  So the SPF check fails.

- The nicedomain.example mail server checks DKIM.  It finds the DKIM
signature in the message and tries to verify it.  But the changes the
list server made to the message (the subject line and the stuff at the
end) broke the DKIM signature.  So the DKIM check fails.

- The nicedomain.example mail server has not been able to authenticate
the message with respect to the domain in the "From" line
(example.com), so it looks up example.com's DMARC record to see what
example.com's policy says.  And it says "p=reject".

- Honouring that, nicedomain.example rejects ("bounces") the message.

- The bounce message goes back to the mailing list server.

- The mailing list server sees that a list message it sent to Alice
bounced, so it increments the bounce count for Alice.

- After a few such messages, Alice's bounce count exceeds the
threshold for the mailing list software, and she is unsubscribed from
the list.

Now, of course, Alice can re-subscribe, but the same thing will
eventually happen again... and again.

Some workarounds include asking Bob to post from an address at a
domain that doesn't publish "p=reject", and/or asking Alice to
subscribe from an address at a domain that doesn't reject messages
based on DMARC policies.  There are also workarounds that can be done
in the list server, each of which creates its own problems.  None of
these workarounds are ideal.

The DMARC working group is working on a protocol called ARC, which is
aimed at fixing some of these issues.

(Hoping this has helped some people to understand what's going on...)

-- 
Barry
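
The sequence described in the message above, as an added Python sketch that is not part of the original post: it follows the message's simplified steps (SPF, then DKIM, then the DMARC policy, then the list's bounce counter). The DNS records, IP addresses, bounce threshold and function names are constructed for illustration, and the DKIM check compares a body hash and the signed header values instead of verifying an RSA signature.

```python
import base64, hashlib, ipaddress

# Constructed DNS TXT data for the domains in the walkthrough (not real records).
DNS_TXT = {"example.com": "v=spf1 ip4:192.0.2.0/24 -all",
           "_dmarc.example.com": "v=DMARC1; p=reject"}
LIST_SERVER_IP = "198.51.100.25"  # constructed address of the list server
BOUNCE_THRESHOLD = 3              # assumed list-software setting

def body_hash(body):
    """DKIM bh= value: SHA-256 of the body, simplified 'relaxed' canonicalization."""
    lines = [" ".join(l.split()) for l in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()                       # trailing empty lines are ignored
    canon = "".join(l + "\r\n" for l in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def sign(msg, domain):
    """Record what the signer covered; stands in for the RSA signature."""
    return {"d": domain, "bh": body_hash(msg["body"]),
            "signed": {h: msg[h] for h in ("from", "subject")}}

def dkim_ok(msg, sig):
    return (sig["bh"] == body_hash(msg["body"])
            and all(msg[h] == v for h, v in sig["signed"].items()))

def spf_ok(domain, ip):
    """Is ip authorized by the domain's SPF record? Only ip4: terms are handled."""
    terms = DNS_TXT.get(domain, "").split()[1:]
    return any(t.startswith("ip4:") and
               ipaddress.ip_address(ip) in ipaddress.ip_network(t[4:]) for t in terms)

def dmarc_policy(domain):
    record = DNS_TXT.get("_dmarc." + domain, "")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p", "none")

def receive(msg, sig, ip):
    """nicedomain.example's decision for one message (p=quarantine not modelled)."""
    dom = msg["from"].rsplit("@", 1)[1]
    if spf_ok(dom, ip) or (sig["d"] == dom and dkim_ok(msg, sig)):
        return "deliver"
    return "bounce" if dmarc_policy(dom) == "reject" else "deliver"

def list_relay(msg):
    """The list's changes: subject tag and footer; From: is left unchanged."""
    return {**msg, "subject": "[listname] " + msg["subject"],
            "body": msg["body"] + "\n-- \nfrom the mailing list\n"}

def alice_status(posts):
    """Count Alice's bounces over a series of list posts (msg, sig pairs)."""
    bounces = sum(receive(list_relay(m), s, LIST_SERVER_IP) == "bounce" for m, s in posts)
    return "unsubscribed" if bounces > BOUNCE_THRESHOLD else "subscribed"
```
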