Re: Mailing list membership.
Barry Leiba <barryleiba@computer.org> Thu, 02 March 2017 00:36 UTC
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5554412946C for <ietf@ietfa.amsl.com>; Wed, 1 Mar 2017 16:36:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.37
X-Spam-Level:
X-Spam-Status: No, score=-2.37 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.229, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id epXqqu6XRq53 for <ietf@ietfa.amsl.com>; Wed, 1 Mar 2017 16:36:38 -0800 (PST)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFE05129696 for <ietf@ietf.org>; Wed, 1 Mar 2017 16:36:38 -0800 (PST)
Received: by mail-io0-x230.google.com with SMTP id l7so43201402ioe.3 for <ietf@ietf.org>; Wed, 01 Mar 2017 16:36:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=H9Pth/Tu8gze+J5nH+WpbMU6jPkE9oiZhzvpihsQ0IY=; b=OJanaVPtuNG6oghp71u1DRWwQkS0R6rnTDkQYvBs1mvdfjW5zuwIGej6tCrqbO609a mXFZG+6Togs8Jij5chgnnRU4p8Jo+YOOcbYS9H5l3XKYKXd/7GgVsfO1yCbGD+4Fa1yg C5tzJ4PYy46KdSBBh2p/OC9ya1x0fs7Tn4JqzUamPsCnoQM34O4enIPwW8k6XVyXVSZf H5PEwqXazmAsnVRRXBnM7mtS9MXtRNn3NCnKNI76vA0q4xXPQWqIJdmNM2xW6Um8y2YE /3YQpEJCjqnczAfElVbTqkjG0dUJDtinIepN6YWbiOSvAKI/5bUhNkBfvsOTcC8HYFwU dk8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=H9Pth/Tu8gze+J5nH+WpbMU6jPkE9oiZhzvpihsQ0IY=; b=uasSagJGht5pcr4nGnW2TwC8c/x8HOrX/bCpZD0YaYu202LUqSg1oHCCVprb7RH+71 DtWaU9O4dyGn1K8TAsGsAWFTJz44BdHOhh2yHjv9fB+2CSUjWG2PFPNCQQywF4wQFw2x 0rQKLA0zoxCdvTvbFvg8TYb7qQbxPsdPlnzXA/k36cwq2bAjwJmgAixAsVGElzlM+zdn 8eK4URSKQPTHBso2MpXJMlQ7ZhlpGOkP5MX+JS2xOSUG8dogBQS+ZdayAGjgUYfChrXH 3rExUmaVD5O9ivYxRriKN4aL4kMv48rVqHTzGTOsLO3ilKEouZWsSU5ufdOdzO843yL4 aPLQ==
X-Gm-Message-State: AMke39lHJALDpvUS5QCld+nbvMBVHqnNFc8ZEAnO0S2Zh3nl0wrCQsT6onJpZYPVaGqX80DdEd6xdVrcHlOP1Q==
X-Received: by 10.107.187.133 with SMTP id l127mr11379953iof.1.1488414998064; Wed, 01 Mar 2017 16:36:38 -0800 (PST)
MIME-Version: 1.0
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.107.35.200 with HTTP; Wed, 1 Mar 2017 16:36:37 -0800 (PST)
In-Reply-To: <a66339b0-bdb8-c64a-55a5-83ff8cab59f3@riseup.net>
References: <6.2.5.6.2.20170226124145.0b7b38c0@elandnews.com> <20f0d769-1937-3256-e37b-9583399c11d3@riseup.net> <20170227011852.GA5403@mx4.yitter.info> <5850e685-2f97-2bdb-87e2-0c11830e1d1c@riseup.net> <HE1PR04MB14490315646CDD5CC7DC2DBCBD570@HE1PR04MB1449.eurprd04.prod.outlook.com> <ae531393-b622-a8b3-2cdd-65a4e99c6e9f@riseup.net> <HE1PR04MB14490DE8834559F6D9D05F7EBD570@HE1PR04MB1449.eurprd04.prod.outlook.com> <60cc8784-2815-32df-0cae-7adfffd0b549@riseup.net> <20170228051843.wkh5skthuyrs5pwz@thunk.org> <bea06868-c7b9-29ec-4f63-1adcca3b9698@riseup.net> <20170301044937.v3vhw3eqgqkxpoup@thunk.org> <cfb52458-8bb9-58fe-d80a-f1b17a6da6cc@comcast.net> <947BCD81-7F9C-4C2E-ADDE-D68DD2BF513A@gmail.com> <70ebe3f4-bae5-7b65-a8ba-b90fdc38dbb8@comcast.net> <C796CA13-8D43-4423-9559-B1B494AB50BE@tzi.org> <a66339b0-bdb8-c64a-55a5-83ff8cab59f3@riseup.net>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 01 Mar 2017 16:36:37 -0800
X-Google-Sender-Auth: ORVonwk-auOcj0Zw4J-H3bFknIo
Message-ID: <CAC4RtVC4YEs-yEK8cuKPxdn0kBwSosh+3K2-AGM3uAx-94U-Bw@mail.gmail.com>
Subject: Re: Mailing list membership.
To: willi uebelherr <willi.uebelherr@riseup.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/mEf2N4FjlUnmQ9r2F_0a5_RJj0A>
Cc: IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 00:36:40 -0000
> super! But what are this attributes, that brings the "DMARC honoring > providers" to hiccup? (in german Schluckauf). I'm not sure what you're asking, but let me explain "the DMARC problem", in case that's what you want to know (and for any who aren't already aware of it): - Bob posts to a mailing list from <bob@example.com>, and example.com is a domain that publishes a DMARC record with the "p=reject" parameter. - (The example.com domain does this because it doesn't like people to send mail that says "From: <address@example.com>" when the mail is not actually from an address at example.com. It's a brand-protection issue, to oversimplify a bit.) - The mailing list prepends "[listname]" to the subject line, and probably sticks some "from the mailing list" text at the end of the message... and then sends it on to the subscribers, leaving the "From:" line unchanged (so it still says <bob@example.com>). - Carol and Ted and Alice are all mailing list subscribers, so each of them is sent a copy of the message. - Alice is <alice@nicedomain.example>, and nicedomain.example looks up and honours DMARC records. - The nicedomain.example mail server checks SPF. It looks up the SPF record for example.com and it sees that the IP address the mail is coming from (which belongs to the list sever) is not authorized to send mail as example.com. So the SPF check fails. - The nicedomain.example mail server checks DKIM. It finds the DKIM signature in the message and tries to verify it. But the changes the list server made to the message (the subject line and the stuff at the end) broke the DKIM signature. So the DKIM check fails. - The nicedomain.example mail server has not been able to authenticate the message with respect to the domain in the "From" line (example.com), so it looks up example.com's DMARC record to see what example.com's policy says. And it says "p=reject". - Honouring that, nicedomain.example rejects ("bounces") the message. - The bounce message goes back to the mailing list server. - The mailing list server sees that a list message it sent to Alice bounced, so it increments the bounce count for Alice. - After a few such messages, Alice's bounce count exceeds the threshold for the mailing list software, and she is unsubscribed from the list. Now, of course, Alice can re-subscribe, but the same thing will eventually happen again... and again. Some workarounds include asking Bob to post from an address at a domain that doesn't publish "p=reject", and/or asking Alice to subscribe from an address at a domain that doesn't reject messages based on DMARC policies. There are also workarounds that can be done in the list server, each of which creates its own problems. None of these workarounds are ideal. The DMARC working group is working on a protocol called ARC, which is aimed at fixing some of these issues. (Hoping this has helped some people to understand what's going on...) -- Barry
- Re: Mailing list membership. John Levine
- Mailing list membership. Khaled Omar
- Re: Mailing list membership. S Moonesamy
- Re: Mailing list membership. willi uebelherr
- Re: Mailing list membership. willi uebelherr
- Re: Mailing list membership. willi uebelherr
- Re: Mailing list membership. willi uebelherr
- Re: Mailing list membership. S Moonesamy
- Re: Mailing list membership. Theodore Ts'o
- Re: Mailing list membership. willi uebelherr
- Re: Mailing list membership. Theodore Ts'o
- Re: Mailing list membership. Kazunori ANDO
- Re: Mailing list membership. Michael StJohns
- Re: Mailing list membership. Bob Hinden
- Re: Mailing list membership. willi uebelherr
- Re: Mailing list membership. Michael StJohns
- Re: Mailing list membership. Carsten Bormann
- Re: Mailing list membership. David Morris
- yet more DMARC stuff, was Re: Mailing list member… John Levine
- Re: Mailing list membership. willi uebelherr
- Re: Mailing list membership. Carsten Bormann
- Re: Mailing list membership. Barry Leiba
- Re: Mailing list membership. Miles Fidelman
- Re: [Mailman-Users] Fwd: Re: Mailing list members… willi uebelherr
- Re: [Mailman-Users] Fwd: Re: Mailing list members… S Moonesamy
- Re: [Mailman-Users] Fwd: Re: Mailing list members… willi uebelherr
- Re: yet more DMARC stuff, was Re: Mailing list me… willi uebelherr
- Re: yet more DMARC stuff, was Re: Mailing list me… Carsten Bormann
- Re: yet more DMARC stuff, was Re: Mailing list me… Dave Crocker
- Re: yet more DMARC stuff, was Re: Mailing list me… Carsten Bormann
- Re: yet more DMARC stuff, was Re: Mailing list me… John R Levine
- Re: yet more DMARC stuff, was Re: Mailing list me… Dave Crocker
- Re: yet more DMARC stuff, was Re: Mailing list me… Carsten Bormann
- Re: yet more DMARC stuff, was Re: Mailing list me… Viktor Dukhovni
- Re: yet more DMARC stuff, was Re: Mailing list me… Philip Homburg
- Re: yet more DMARC stuff, was Re: Mailing list me… Brandon Long
- Re: yet more DMARC stuff, was Re: Mailing list me… Philip Homburg
- Re: yet more DMARC stuff, was Re: Mailing list me… Martin Rex