Re: [IETF] DMARC methods in mailman

Theodore Ts'o <tytso@mit.edu> Tue, 27 December 2016 16:10 UTC

Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6153129471 for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 08:10:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Level:
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thunk.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RlSlbz7lbYM5 for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 08:10:49 -0800 (PST)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E313128824 for <ietf@ietf.org>; Tue, 27 Dec 2016 08:10:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=dH5rAP+ghbImf4AFr2gDDWbcCgnEZ0KJec1yebZtdcI=; b=evdZ0PdQ5jOUIHG0m4eBhOj20MCwOsulKITiD5rXgRBZtad8uDHuIZDVNdOyDL8drzm3HDIoBlhYURTtkZOfpYdfbOcfIH1S+mict3IoAAAER5mDTu59I+ijxo09AlKpfGnLjLnEPnqCKM1InkkcS0grcJ3PGpgvyOMeWl8jINk=;
Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.84_2) (envelope-from <tytso@thunk.org>) id 1cLuKt-0005Cc-Dh; Tue, 27 Dec 2016 16:10:47 +0000
Received: by callcc.thunk.org (Postfix, from userid 15806) id 41AFDC00433; Tue, 27 Dec 2016 11:10:45 -0500 (EST)
Date: Tue, 27 Dec 2016 11:10:45 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: IETF general list <ietf@ietf.org>
Subject: Re: [IETF] DMARC methods in mailman
Message-ID: <20161227161045.ntov3e3mqvoorn7i@thunk.org>
References: <20161227013401.11378.qmail@ary.lan> <A2F8894E-C983-42F2-9EB9-3E7032615F86@dukhovni.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <A2F8894E-C983-42F2-9EB9-3E7032615F86@dukhovni.org>
User-Agent: NeoMutt/20161126 (1.7.1)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/qChnvC213a67dMd_q231u-ot4Lo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Dec 2016 16:10:51 -0000

On Mon, Dec 26, 2016 at 11:13:37PM -0500, Viktor Dukhovni wrote:
> Right and DMARC has put an end to email phishing, and this progress
> is in serious jeopardy of being undone if a bad guy can send an email
> 
> 	From: Bobby Phisher <rf@notbank.example> on behalf of Joe Banker <joe@bank.example>
> 
> and is at no risk with:
> 
> 	From: Joe Banker <joe@bank.notbank.example>
> 
> Reminds me of "Yes minister", we've to do *something* about
> phishing and DMARC is something...

My point was that if Phishing is this unmitigated evil that justifies
doing anything, including inflicting pain on mailing lists, and the
big mail providers will not be moved, then there are only so many
choices available to development groups/organizations which rely on
mailing lists.

(1) Acquiesce and transition to using bulletin board web fora that
don't work when you are reading mail off-line, and require you to
periodically remember to go to a particulra web site to catch up on
the latest mailing list discussion.

(2) Acquiesce and inflict pain on mailing list users:
     (a) Inflicting the pain on everyone, and give people who
         know that they are using mail systems that don't
	 conform to DMARC to opt-out of the pain.
     (b) Require users who know they are using a DMARC-system
     	 (perhaps with hueristics to automatically set the default
	 correctly) to opt-in to DMARC-required from field mangling.

(3) Decide that perhaps mailing lists for developers are incompatible
    with mass-market consumer-grade mail systems.
     (a) Make it the problem of those mail users whose mail system has
         an involuntary DMARC policy to know they need to switch to
         another mail system.  (I'm surprised there are actually that
         many Google employees that are still sending from google.com
         addresses to IETF lists, although admittedly I've been
         working more to make sure that Google engineers participating
         in open source mailing lists use their personal gmail.com
         addresses --- or sending from their kernel.org addresses ---
         instead of their google.com addresses.)
     (b) Make it the problem of those mail users who mail systems
         honor DMARC policies as a receiver to switch to another mail
	 system.
     (c) For those mail systems that don't really honor DMARC
         policies, but rather treat it as a strong SPAM signal, make
         it the problem of the mail users to dig e-mails out of the
         Spam folder, and hopefully this will cause the machine
         learning systems of said mail systems to figure things out
         eventually --- or those mail users can switch to a developer-
	 friendly mail system.
     
All of the various solutions have downsides, or fit into the category
of, "in the long term, it will allow for easier phishing, so the
people who have inflicted DMARC on e-mail will have a some other
non-standard change that will screw over mailing lists *again*" ---
some of the MUA changes proposed fall into this latter category; if
they are done on a wide scale, they *will* inspire the big mail
providers to disallow List-ID: or Sender: headers.

It may be that ARC will help, somewhat, but I suspect it will not be a
silver bullet, and to some extent, we will have to choose one of the
three solutions in the end anyway, because it won't be a complete
solution.  In the best case, ARC may make (3) a more palatable
alternative, in that the failure modes caused by DMARC plus ARC are
small enough that people are willing to live with (c), or where the
failure modes are enough to force users to switch to mail systems
where (c) is practical, and so the IETF might have enough courage in
its own strength and economic importance not to knuckle under to the
big mail providers, because the number of dropped messages to due
DMARC and ARC not being a complete solution is small enough ---
certainly a few messages are lost to SPAM filters today, and we live
with this.


I will again remind people that the incentive to participate in Linux
Kernel development was enough for IBM to allow its engineers to use
IMAP clients instead of Lotus Notes --- and not even
standards-violating Domino servers for which corrupting whitespace in
the body is a mandatory behavior that can't be disabled --- but
instead using honest, standards-compliant open source IMAP servers.

This was a non-trivial achievement, to go up against IBM Software
Group.  Standing up for your principles *does* work as a strategy,
even when the company that needed to be influenced was a big company
like IBM.

If a company really wants to participate in an external standards or
open source activity, because there is a strong business case, it will
find a way.  If it doesn't, then issues relating to the mail system
probably won't make a difference in the long term.  Certainly the IETF
has shown its impotence with respect to mail standards...

						- Ted