Re: [IETF] DMARC methods in mailman

Theodore Ts'o <tytso@mit.edu> Mon, 26 December 2016 14:49 UTC

Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8DAB12964F for <ietf@ietfa.amsl.com>; Mon, 26 Dec 2016 06:49:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Level:
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thunk.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id utcWwkE_1-c5 for <ietf@ietfa.amsl.com>; Mon, 26 Dec 2016 06:49:04 -0800 (PST)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF56512964D for <ietf@ietf.org>; Mon, 26 Dec 2016 06:49:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=tqTAkca2RH+bVQY4FR1IunYFUi7Vr7cNGVrdkameItI=; b=SWXwTnKHLOyWtfUY6GF95I1OxaTVG/i5DrEAAdP7H/4iVarppgDLvp70J3QOfSsYC+06YdvhNKVUd0z/LPhcNODTNNzvOZIjmsxjYYIzLPgmMo8uLxhTNQWUNbJfIX6vGvBft9Blso4Nt3QnZIOexhNybTd66CRIHWF0wncnFKA=;
Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.84_2) (envelope-from <tytso@thunk.org>) id 1cLWaF-0006np-5t; Mon, 26 Dec 2016 14:49:03 +0000
Received: by callcc.thunk.org (Postfix, from userid 15806) id 4A376C005E0; Mon, 26 Dec 2016 09:49:01 -0500 (EST)
Date: Mon, 26 Dec 2016 09:49:01 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Viktor Dukhovni <ietf-dane@dukhovni.org>
Subject: Re: [IETF] DMARC methods in mailman
Message-ID: <20161226144901.f4ym2d6bzz5zxafp@thunk.org>
References: <m1cKvWY-0000HFC@stereo.hq.phicoh.net> <EA2191A9-CF62-4984-8275-E0295A207237@gmail.com> <35FC8FF8-A4E6-423F-994C-304B4B3AAF94@dukhovni.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <35FC8FF8-A4E6-423F-994C-304B4B3AAF94@dukhovni.org>
User-Agent: NeoMutt/20161126 (1.7.1)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/mbVgaWuRJVN6whKArm1T9_e6Ybc>
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Dec 2016 14:49:06 -0000

On Sun, Dec 25, 2016 at 01:05:59PM -0500, Viktor Dukhovni wrote:
> 
> The need for email origin authentication to specify that "Sender" preempts
> "From" has been well understood for a long time before there there was DMARC.
> If there is to be a non-broken replacement, it must correct this design error
> and place the "burden" of dealing with that on any MUAs that fail to display
> Sender (as e.g. from <sender> on behalf of <author>).

But if MUA's do this, then it becomes trivial to phish consumers,
which was the original excuse for DMARC.  So if MUA's do this,
eventually Yahoo and the other big mail providers will promulgate a
non-standard "fix" that will bounce message with Sender lines that
aren't equal to the From field.   And then what will you do?

Hint: stop using mail providers that obey non-standard mail protocols,
because they *will* break you eventually, and/or randomly.

					- Ted