Re: DMARC: perspectives from a listadmin of large open-source lists

"John R. Levine" <> Wed, 16 April 2014 04:56 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id EF81C1A0027 for <>; Tue, 15 Apr 2014 21:56:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.357
X-Spam-Status: No, score=-0.357 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_NEUTRAL=0.779] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RcFYH6T8UOyi for <>; Tue, 15 Apr 2014 21:56:46 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f06:1126::2]) by (Postfix) with ESMTP id 418C41A0021 for <>; Tue, 15 Apr 2014 21:56:46 -0700 (PDT)
Received: (qmail 48251 invoked from network); 16 Apr 2014 04:56:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:subject:mime-version:content-type:user-agent:cleverness; s=bc7a.534e0d8a.k1404; bh=5/OHzN3eEQSI9I6RicxbuV5cff8g6b1p6vOsmKZtYtY=; b=NErPYK66evKjeNbWlVFy+B/+55OsK5bHU9L3C700+F3F3nO7ZNYrkdGCn0j4MIHnk3dfWlEGzG0hqnRJcp9ia/jRly/Sqr0CS4XOmgjd1hEzNpVTbgI0ma0XV2fzYaQ8jpc9ipVAs7hEIXBj5/WFuXWngpH7V5pJl8Im2RjpXpNHBOXBraEc/8pkuESUHboOCdhDE8c7SK8LYytOrFxRAaC3H/yNWRmYqhwFqrZj69/HP7RICXfiiJJrBAc35rAG
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 16 Apr 2014 04:56:42 -0000
Date: 16 Apr 2014 00:56:42 -0400
Message-ID: <alpine.BSF.2.00.1404160054290.40095@joyce.lan>
From: "John R. Levine" <>
To: "IETF general list" <>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: MULTIPART/signed; protocol="application/pkcs7-signature"; micalg=sha1; BOUNDARY="3825401791-39995716-1397624202=:40095"
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Apr 2014 04:56:51 -0000

>want to allow modification of the subject field (e.g., adding a tag)
>and/or the body (e.g., adding header and footer) - then you might have
>to be a little cleverer, perhaps by providing information about the
>diffs in extra headers and doing a few comparisons at the receiving end
>(subject tag = *****<original-signed-subject>).

That's unlikely to be a productive direction to go.  We had a lot of 
arguments about message modification when we were designing the DKIM 
strict and loose message digests.  We never found a way to allow subject 
tags that wouldn't also enable all sorts of abuse, and I don't think we 
missed anything.

The reasonable way to use DKIM with mailing lists has always been for
the list to add its own signature, and to use the list signatures to
develop a (presumably good) reputation for the list so its mail gets
delivered.  See the signatures on the messages from this list for an