Re: DMARC: perspectives from a listadmin of large open-source lists

Sabahattin Gucukoglu <> Mon, 14 April 2014 04:11 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 809F81A032C for <>; Sun, 13 Apr 2014 21:11:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.501
X-Spam-Status: No, score=-1.501 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LcYmwaYVkRrD for <>; Sun, 13 Apr 2014 21:11:49 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B9EB81A0331 for <>; Sun, 13 Apr 2014 21:11:49 -0700 (PDT)
MIME-version: 1.0
Content-type: text/plain; charset=windows-1252
Received: from [] ( []) by (Oracle Communications Messaging Server 7u4-27.08( 64bit (built Aug 22 2013)) with ESMTPSA id <> for; Mon, 14 Apr 2014 04:11:31 +0000 (GMT)
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
From: Sabahattin Gucukoglu <>
In-reply-to: <>
Date: Mon, 14 Apr 2014 05:11:29 +0100
Content-transfer-encoding: quoted-printable
Message-id: <>
References: <20140413211024.25200.qmail@joyce.lan> <>
To: Doug Barton <>
X-Mailer: Apple Mail (2.1510)
X-CLX-Spam: false
X-CLX-Score: 1011
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.96, 1.0.14, 0.0.0000 definitions=2014-04-12_01:2014-04-11, 2014-04-12, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1404140078
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 14 Apr 2014 04:11:54 -0000

On 14 Apr 2014, at 02:59, Doug Barton <> wrote:
> Meanwhile, I'm still not proposing that we train users, or even anti-spam software to "recognize" or "validate" mailing list addresses. What I'm proposing is a way to send mail from a list with From: @domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the left side of the @ sign to identify the actual sender of the message.

I agree.  In fact, I'm resigned to it already.  OTOH, you'll find the idea unpopular around here. :)

FWIW: I really do believe it is a great shame that DMARC misplaces the burden so profoundly.  Also, I've stopped caring--the fact is that given the choice of:
1.  Authenticate every message from everybody without discrimination, at the cost of making mailing lists a lot less like they were in the Good Old Days (™) and breaking a ton of compatibility
2.  Authenticate only some messages, discriminating personal use from business use (and sending conflicting messages about the trustworthiness of the From: field to regular users) but making mailing lists from 1995 shine
I (and I expect lots of people) choose option 1.

We only need to upgrade the mailing list servers.  The people who run those are supposed to be competent--they can probably manage to upgrade to supported software, or patch what they have.  Mailing lists aren't popular any more anyway.  And this is a golden opportunity to bring some trust into Internet mail.  Let's do it.