Re: Suggestion: can we test DMARC deployment with a mailing list?
Theodore Ts'o <tytso@mit.edu> Fri, 02 May 2014 23:35 UTC
Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 486EF1A6FEC for <ietf@ietfa.amsl.com>; Fri, 2 May 2014 16:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.952
X-Spam-Level:
X-Spam-Status: No, score=-1.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, J_CHICKENPOX_16=0.6, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e60PJVwVIn1M for <ietf@ietfa.amsl.com>; Fri, 2 May 2014 16:35:32 -0700 (PDT)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id 5F6561A09B6 for <ietf@ietf.org>; Fri, 2 May 2014 16:35:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=vrl185tYbJgR2g5MB4CKBczpLGLovKdKce7ybyKUkDk=; b=lubsIe1IymLu9nVZBrSrgbwx8+158LX+Aau0njMcoky+0YmNbYMAwMnlqfJhM2oyljlVL/jmT8uPIq2Hku9Yv8/qQRqnIeC81QL8brlxXpdk3ZT+ioQw2yI7eh5UIOyN1xR3pE99b1qlmIpN+BlyOCDKNum4ADjBiNlmW+aVqmc=;
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1WgMzI-0003I0-Ih; Fri, 02 May 2014 23:35:28 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id F0716580734; Fri, 2 May 2014 19:35:27 -0400 (EDT)
Date: Fri, 02 May 2014 19:35:27 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: John R Levine <johnl@taugh.com>
Subject: Re: Suggestion: can we test DMARC deployment with a mailing list?
Message-ID: <20140502233527.GC24108@thunk.org>
References: <20140502211317.81216.qmail@joyce.lan> <E32E56A1-F404-489B-96F5-FCF335BFD57A@cisco.com> <alpine.BSF.2.00.1405021731280.81340@joyce.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <alpine.BSF.2.00.1405021731280.81340@joyce.lan>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/nCpspaXpLSzdzww6oDSQ12gjkJ0
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 May 2014 23:35:34 -0000
On Fri, May 02, 2014 at 06:52:05PM -0400, John R Levine wrote: > The problems are occuring at the end points, not at the IETF. For example, > aaron@aol.com posts to a list, where one of the subscribers is > charlie@comcast.net. The list adds a subject tag and footer, as our lists > have done since forever, and remails it to Charlie. Comcast's DMARC > software observes that this message has an aol.com addresss in the From: > line, but didn't come from an AOL IP host (SPF) or has it a valid aol.com > DKIM signature, so Comcast bounces it. This isn't hypothetical; I've seen > exactly this in my logs. If you think about the inventives of the entities in question, it's really not that surprising. Yahoo and AOL will want to force people to use their web-based forums, so they have no incentive to make life easier for mailing lists. And Comcast has an opportunity to steal mail users from Yahoo and AOL by telling the world the solution is to use their comcast.net address, since they promise not to enable p=reject (even as they enforce it with a vengeance): http://postmaster.comcast.net/dmarcupdate.html - Ted
- Suggestion: can we test DEMARC deployment with a … Fred Baker (fred)
- Re: Suggestion: can we test DEMARC deployment wit… Christopher Morrow
- Re: Suggestion: can we test DEMARC deployment wit… Douglas Otis
- Re: Suggestion: can we test DMARC deployment with… John Levine
- Re: Suggestion: can we test DEMARC deployment wit… Dave Crocker
- Re: Suggestion: can we test DMARC deployment with… Fred Baker (fred)
- Re: Suggestion: can we test DMARC deployment with… John R Levine
- Re: Suggestion: can we test DMARC deployment with… Theodore Ts'o
- Re: Suggestion: can we test DMARC deployment with… Douglas Otis
- Re: Suggestion: can we test DMARC deployment with… John R Levine
- Re: Suggestion: can we test DEMARC deployment wit… Hector Santos
- Re: Suggestion: can we test DMARC deployment with… Theodore Ts'o
- Re: Suggestion: can we test DEMARC deployment wit… Hector Santos
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Miles Fidelman
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Fred Baker (fred)
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Miles Fidelman
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Fred Baker (fred)
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Dave Crocker
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Hector Santos
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Douglas Otis
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Hector Santos
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… ned+ietf
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Hector Santos
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Hector Santos
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… John Levine
- Re: [dmarc-ietf] Suggestion: can we test DEMARC d… Doyle, John