Re: DMARC: perspectives from a listadmin of large open-source lists

Hector Santos <> Tue, 15 April 2014 22:58 UTC

On 4/15/2014 6:20 PM, Pete Resnick wrote:
> On 4/14/14 9:23 AM, Dave Crocker wrote:
>> Mediators, like mailing lists, take final delivery and post a new
>> message.  In formal terms, it's legitimate for them to create a
>> different rfc5322.From field, including one that looks like some
>> sort of 'rewrite' of the one used by the original author.
> It's legitimate for a mailing list to rewrite the author, but it would
> be wrong. :-)


> More seriously: If the mailing list wishes to express that I am the
> author of *this message*, then I belong in the "From:" field. That
> differs semantically from forwarding a message authored by me; then
> the list is saying that the list is the author, and it is simply
> quoting me, but that the list is the entity that should be considered
> to have written the message. For most mailing lists, that seems like
> the wrong semantics to try to convey.
> There should be a mechanism for an author to send a message to a
> mailing list, granting the mailing list permission to redistribute
> that message, and have that permission conveyed to the mailing list
> recipient such that when the mailing list recipient receives the
> message, they can assure themselves that the originating domain is OK
> with that redistribution. Sounds like some protocol which could be
> written.

The method was developed.  It was discussed during SSP, proposed in 
2006 DSAP I-D [1] as an Authorized, or Allowed Signer List (ASL), and 
Murray wrote 2012 ATPS [2] to piggyback off the ADSP as an extension.

I've implemented ADSP, ATPS in our Mailing List Server (MLS).  A 
wizard was created [3] for public usage. A private version is used for 
customers for their DKIM manager. I've held back on DMARC support but 
it will be the exact logic add.

> (If the originating domain is expressly *not* OK with the
> redistribution, the mailing list should bounce the message back to the
> author saying as much.)

I would suggest it be more of an ACCEPT + NOTIFY with explanation 
rather than bounce, but yet, the denial is needed.  It's also described 
in DSAP and I believed also in Murray's DKIM Mailing List BCP [4].


[1] DKIM Signature Authorization Protocol

[2] DKIM Authorized Third-Party Signatures

[3] DKIM Policy Zone Record Generator and Test Simulator v2.7

[4] DKIM and Mailing Lists
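
The authorization check discussed in this thread, as an added example that is not part of the original post or of any implementation it mentions: a receiver deciding whether the author domain has authorized a third-party (list) signer, following the record naming of ATPS (RFC 6541). The domains, the `ZONE` dictionary standing in for DNS, and the function names are constructed for illustration; only the `sha1` and `none` hash choices are handled.

```python
import base64
import hashlib

HANDLED_HASHES = ("sha1", "none")  # limitation of this sketch

def atps_query_name(author_domain, signer_domain, atpsh):
    """DNS name of the TXT record in which the author domain lists a signer."""
    signer = signer_domain.lower().rstrip(".")
    if atpsh == "none":
        label = signer
    else:
        digest = hashlib.sha1(signer.encode("ascii")).digest()
        label = base64.b32encode(digest).decode("ascii")  # 20 bytes -> 32 chars
    return f"{label}._atps.{author_domain}".lower().rstrip(".")

def parse_tags(txt):
    """Split a 'k=v; k=v' tag list into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}

def check_redistribution(from_domain, sig_tags, lookup_txt):
    """sig_tags: tags of a DKIM signature that has ALREADY verified."""
    author = from_domain.lower()
    signer = sig_tags["d"].lower()
    if signer == author:
        return "first-party"
    # The atps tag only counts when it names the From: domain.
    if sig_tags.get("atps", "").lower() != author:
        return "no-atps"
    if sig_tags.get("atpsh") not in HANDLED_HASHES:
        return "no-atps"
    name = atps_query_name(author, signer, sig_tags["atpsh"])
    for txt in lookup_txt(name):
        if parse_tags(txt).get("v") == "ATPS1":
            return "authorized"
    return "not-authorized"

# Constructed zone data (hypothetical domains) standing in for DNS.
ZONE = {
    atps_query_name("author.example", "lists.example", "sha1"):
        ["v=ATPS1; d=lists.example"],
}

def lookup_txt(name):
    return ZONE.get(name, [])

if __name__ == "__main__":
    list_sig = {"d": "lists.example", "atps": "author.example", "atpsh": "sha1"}
    print(check_redistribution("author.example", list_sig, lookup_txt))
```

A "not-authorized" or "no-atps" result means only that the third-party signature carries no delegation from the author domain; what the receiver or list then does with the message is a separate policy decision.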