Re: DMARC: perspectives from a listadmin of large open-source lists

Hector Santos <hsantos@isdg.net> Tue, 15 April 2014 22:58 UTC

Message-ID: <534DB973.3000403@isdg.net>
Date: Tue, 15 Apr 2014 18:57:55 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
To: Pete Resnick <presnick@qti.qualcomm.com>, Dave Crocker <dcrocker@bbiw.net>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
In-Reply-To: <534DB093.5020507@qti.qualcomm.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/qcMzv_FGOA5fuS4bm7BLEeFiWI0
Cc: John C Klensin <john-ietf@jck.com>, ietf@ietf.org

On 4/15/2014 6:20 PM, Pete Resnick wrote:
> On 4/14/14 9:23 AM, Dave Crocker wrote:
>
>> Mediators, like mailing lists, take final delivery and post a new
>> message.  In formal terms, it's legitimate for them to create a
>> different rfc5322.From field, including one that looks like some
>> sort of 'rewrite' of the one used by the original author.
>
> It's legitimate for a mailing list to rewrite the author, but it would
> be wrong. :-)

+1.

> More seriously: If the mailing list wishes to express that I am the
> author of *this message*, then I belong in the "From:" field. That
> differs semantically from forwarding a message authored by me; then
> the list is saying that the list is the author, and it is simply
> quoting me, but that the list is the entity that should be considered
> to have written the message. For most mailing lists, that seems like
> the wrong semantics to try to convey.
>
> There should be a mechanism for an author to send a message to a
> mailing list, granting the mailing list permission to redistribute
> that message, and have that permission conveyed to the mailing list
> recipient such that when the mailing list recipient receives the
> message, they can assure themselves that the originating domain is OK
> with that redistribution. Sounds like some protocol which could be
> written.

The method was developed.  It was discussed during SSP, proposed in the 
2006 DSAP I-D [1] as an Authorized, or Allowed, Signer List (ASL), and 
Murray wrote the 2012 ATPS [2] to piggyback off ADSP as an extension.

I've implemented ADSP and ATPS in our Mailing List Server (MLS).  A 
wizard was created [3] for public usage. A private version is used by 
customers for their DKIM manager. I've held back on DMARC support, but 
it will be the exact logic to add.

> (If the originating domain is expressly *not* OK with the
> redistribution, the mailing list should bounce the message back to the
> author saying as much.)

I would suggest it be more of an ACCEPT + NOTIFY with explanation 
rather than a bounce, but yet, the denial is needed.  It's also described 
in DSAP and, I believe, also in Murray's DKIM Mailing List BCP [4].

-- 
HLS

[1] DKIM Signature Authorization Protocol
     http://tools.ietf.org/html/draft-santos-dkim-dsap-00

[2] DKIM Authorized Third-Party Signatures
     http://tools.ietf.org/html/rfc6541

[3] DKIM Policy Zone Record Generator and Test Simulator v2.7
     http://www.winserver.com/public/wcadsp

[4] DKIM and Mailing Lists
     http://tools.ietf.org/html/bcp167
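The authorization the thread asks for (the author domain publishing a DNS record that vouches for the list's signing domain, and the recipient checking it) is what ATPS [2] provides. The following is an added example, not code from this message or from the author's Mailing List Server: a dict stands in for DNS, and the base32 canonical form and the record tag names are my reading of RFC 6541, so treat them as assumptions.

```python
import base64
import hashlib


def atps_label(signer_domain: str, algorithm: str) -> str:
    """Left-most label of the ATPS query name for a third-party signer.

    RFC 6541 derives it from the signing domain ("d=" of the list's DKIM
    signature), hashed with the algorithm named in the "atpsh=" tag and
    base32-encoded; "none" uses the domain itself.  Lowercasing and
    stripping base32 padding is an assumption about the canonical form.
    """
    name = signer_domain.lower().rstrip(".")
    if algorithm == "none":
        return name
    if algorithm not in ("sha1", "sha256"):
        raise ValueError(f"unsupported atpsh algorithm: {algorithm}")
    digest = hashlib.new(algorithm, name.encode("ascii")).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def atps_query_name(signer_domain: str, author_domain: str,
                    algorithm: str = "sha256") -> str:
    """Name queried under the author domain: <label>._atps.<author>."""
    author = author_domain.lower().rstrip(".")
    return f"{atps_label(signer_domain, algorithm)}._atps.{author}"


def publish_authorization(zone: dict, author_domain: str,
                          signer_domain: str, algorithm: str = "sha256"):
    """Author-domain side: record that signer_domain may sign for us."""
    name = atps_query_name(signer_domain, author_domain, algorithm)
    zone[name] = f"v=ATPS1; d={signer_domain.lower().rstrip('.')}"


def _parse_tags(record: str) -> dict:
    return dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)


def is_authorized_signer(zone: dict, author_domain: str,
                         signer_domain: str, algorithm: str = "sha256") -> bool:
    """Verifier side: does the author domain vouch for this signer?

    The record's d= tag must match the signer exactly; it guards against a
    hash-label collision vouching for a different domain.
    """
    record = zone.get(atps_query_name(signer_domain, author_domain, algorithm))
    if record is None:
        return False
    tags = _parse_tags(record)
    wanted = signer_domain.lower().rstrip(".")
    return tags.get("v") == "ATPS1" and tags.get("d", "").lower().rstrip(".") == wanted
```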