Re: DMARC: perspectives from a listadmin of large open-source lists

Sabahattin Gucukoglu <listsebby@me.com> Mon, 14 April 2014 04:11 UTC

Return-Path: <listsebby@me.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 809F81A032C for <ietf@ietfa.amsl.com>; Sun, 13 Apr 2014 21:11:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.501
X-Spam-Level:
X-Spam-Status: No, score=-1.501 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LcYmwaYVkRrD for <ietf@ietfa.amsl.com>; Sun, 13 Apr 2014 21:11:49 -0700 (PDT)
Received: from st11p02mm-asmtp001.mac.com (st11p02mm-asmtpout001.mac.com [17.172.220.236]) by ietfa.amsl.com (Postfix) with ESMTP id B9EB81A0331 for <ietf@ietf.org>; Sun, 13 Apr 2014 21:11:49 -0700 (PDT)
MIME-version: 1.0
Content-type: text/plain; charset=windows-1252
Received: from [192.168.1.6] (natbox.sabahattin-gucukoglu.com [213.123.192.30]) by st11p02mm-asmtp001.mac.com (Oracle Communications Messaging Server 7u4-27.08(7.0.4.27.7) 64bit (built Aug 22 2013)) with ESMTPSA id <0N40002ZJ6B5ND90@st11p02mm-asmtp001.mac.com> for ietf@ietf.org; Mon, 14 Apr 2014 04:11:31 +0000 (GMT)
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
From: Sabahattin Gucukoglu <listsebby@me.com>
In-reply-to: <534B40F8.1000808@dougbarton.us>
Date: Mon, 14 Apr 2014 05:11:29 +0100
Content-transfer-encoding: quoted-printable
Message-id: <33951EF9-4C5A-4594-A34B-589D583002B9@me.com>
References: <20140413211024.25200.qmail@joyce.lan> <534B40F8.1000808@dougbarton.us>
To: Doug Barton <dougb@dougbarton.us>
X-Mailer: Apple Mail (2.1510)
X-MANTSH: 1TEIXWV4bG1oaGkdHB0lGUkdDRl5PWBoaGBEKTEMXGx0EGx0YBBIZBBscEBseGh8 aEQpYTRdLEQptfhcaEQpMWRcbGhsbEQpZSRcRClleF2hjeREKQ04XSxsbGmJCH2luHARwGXhzB xlvGh4bG3weEQpYXBcZBBoEHQdNSx0SSEkcTAUbHQQbHRgEEhkEGxwQGx4aHxsRCl5ZF2FNe3l lEQpMRhdia2sRCkNaFxgbGQQbGBkEGxMYBBkaEQpEWBcYEQpESRcbEQpCRRdmUH1dH21kGgVIY xEKQk4XbHBgeUAdYlJpGmIRCkJMF2dJH215aRh+ckJNEQpCbBdlaGUYbU0cGENGThEKQkAXb0J QXX1NaX4dG1ARCnBoF2wSXm9cewFDeF9/EQpwaBdoQXBmf2xoY2tIHBEKcGgXYkNwaXt6TkVZG 14RCnBoF2gbeFBQTlkSbR5SEQpwaBdiWUFrWE4cGl1QaREKcGwXa2ZOa0FlX2ZTZwERCnBMF2I Tem1zBXgBQF9NEQ==
X-CLX-Spam: false
X-CLX-Score: 1011
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.96, 1.0.14, 0.0.0000 definitions=2014-04-12_01:2014-04-11, 2014-04-12, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1404140078
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/o-xyOzlv7AbwfCnxjLST5bN6xFU
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 04:11:54 -0000

On 14 Apr 2014, at 02:59, Doug Barton <dougb@dougbarton.us> wrote:
> Meanwhile, I'm still not proposing that we train users, or even anti-spam software to "recognize" or "validate" mailing list addresses. What I'm proposing is a way to send mail from a list with From: @domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the left side of the @ sign to identify the actual sender of the message.

I agree.  In fact, I'm resigned to it already.  OTOH, you'll find the idea unpopular around here. :)

FWIW: I really do believe it is a great shame that DMARC misplaces the burden so profoundly.  Also, I've stopped caring--the fact is that given the choice of:
1.  Authenticate every message from everybody without discrimination, at the cost of making mailing lists a lot less like they were in the Good Old Days (™) and breaking a ton of compatibility
2.  Authenticate only some messages, discriminating personal use from business use (and sending conflicting messages about the trustworthiness of the From: field to regular users) but making mailing lists from 1995 shine
I (and I expect lots of people) choose option 1.

We only need to upgrade the mailing list servers.  The people who run those are supposed to be competent--they can probably manage to upgrade to supported software, or patch what they have.  Mailing lists aren't popular any more anyway.  And this is a golden opportunity to bring some trust into Internet mail.  Let's do it.

Cheers,
Sabahattin