Re: What I've been wondering about the DMARC problem

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 17 April 2014 20:06 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C28A11A00E6 for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 13:06:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkxMemRD7z_L for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 13:06:34 -0700 (PDT)
Received: from mail-pa0-x234.google.com (mail-pa0-x234.google.com [IPv6:2607:f8b0:400e:c03::234]) by ietfa.amsl.com (Postfix) with ESMTP id 52EB01A00D1 for <ietf@ietf.org>; Thu, 17 Apr 2014 13:06:34 -0700 (PDT)
Received: by mail-pa0-f52.google.com with SMTP id rd3so728246pab.39 for <ietf@ietf.org>; Thu, 17 Apr 2014 13:06:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=t9KDDLSRrOdHQYmg0sRQlUlcgIC+mXZ7z0/LojsHzB8=; b=cI3lAW2lHDpHfYTloU8xUCfIP0CpgNd9cFbCd3s5FJabn/W8t3FIAQ9iEx+GX/MV1Z HlInd8Oq5DrzhBuXy/iA4GCSWPYVwK0JwUrSVLoosOOWWwZNugrYsOHUiZb+4DkDOonr xOX/KuESg10ZLGr/sZaKBJk9TG/nMmomhoD6C/Ja35M3+J3D+Dv3JIjdCshWcM8v3Ir8 wZEu47012XYfixctPN+LEy8Mvoi10tbGmj+4UoQLVSd6eNg1ejYU2LUUViE3HDn9gVHt BfNsytNV+qsPPwBjQS5vn71cfFkLBtmpxEGycCIG3rJnCxVbkzUR3RUFchxj6tg72w6R QfKw==
X-Received: by 10.69.26.103 with SMTP id ix7mr17626579pbd.41.1397765190758; Thu, 17 Apr 2014 13:06:30 -0700 (PDT)
Received: from [192.168.178.20] (34.199.69.111.dynamic.snap.net.nz. [111.69.199.34]) by mx.google.com with ESMTPSA id bz4sm55373848pbb.12.2014.04.17.13.06.26 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 17 Apr 2014 13:06:29 -0700 (PDT)
Message-ID: <5350344B.1000400@gmail.com>
Date: Fri, 18 Apr 2014 08:06:35 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Sabahattin Gucukoglu <listsebby@me.com>
Subject: Re: What I've been wondering about the DMARC problem
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAKW6Ri5f5KZyJeL7RTG2T000Qd+t61KCofNmG2JZv+nKi94Uug@mail.gmail.com> <534C0078.3070808@meetinghouse.net> <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534C2262.1070507@meetinghouse.net> <CAL0qLwb5p_V3i-NGhKJZBeO0qKHm1xiAq1E3nYkBzVUAXkRPpQ@mail.gmail.com> <CAKW6Ri5HWMaGMa_oLKwq5fzSUzJG=jAL1qojY1i6_tibEAxq8w@mail.gmail.com> <CAL0qLwaik1ft+AcACoc+kvKtCRt_gGvM6ov7c2yj_Uwyy3drNw@mail.gmail.com> <CAKW6Ri5_=GyOQijZMM+mqAoaEQzePGysBy9WVjN9yHO1zf3d2w@mail.gmail.com> <534C8F2B.9060903@gmail.com> <534D5516.7060902@dcrocker.net> <534D98CC.9080400@gmail.com> <2478F2D1-2E08-45D7-86A2-36443959E272@me.com> <534EE9EA.9060403@gmail.com> <09B6AA22-9D1D-4EE4-AB27-2506A1E08EDA@me.com>
In-Reply-To: <09B6AA22-9D1D-4EE4-AB27-2506A1E08EDA@me.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/rdyg8bbxpvNWvOBQoxgu6bf7_V8
Cc: Jim Fenton <fenton@bluepopcorn.net>, IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 20:06:39 -0000

On 17/04/2014 22:03, Sabahattin Gucukoglu wrote:
> On 16 Apr 2014, at 21:36, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>> On 16/04/2014 18:58, Sabahattin Gucukoglu wrote:
>>> On 15 Apr 2014, at 21:38, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>>> The mailman fix is worse than the disease. I think the .INVALID fix is
>>>> much better, because Reply-all will still work.
>>> Reply-all should still work with the Mailman fix; 
>> It doesn't work *properly*. Firstly, this message wouldn't be sent
>> to you with CC to the list, which is the correct semantic.
>> If you weren't a subscriber, you would never see it. Secondly,
> 
> Sorry, but I appear to be confused.
> 
> The Reply-To: field is adjusted to be the author's address, 

Oh, OK. Most UAs will probably do what you describe, but I think
there are exceptions. However, if I want to reply to the author
alone, it's now the simple Reply that will fail me, because it
will reply to the list. And in my mail folders, messages will
all appear to come from the list; if I want to find the message
that Sabahattin sent me two years ago, I can't, because my UA
doesn't allow for searching on the Reply-To field.

It's still got very poor semantics.

    Brian

> on a discussion list like this where replies go back to the authors.  Just in case we're talking across purposes somehow and to avoid all doubt, the fix we are talking about is described here:
> http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html
> 
> Unless your MUA is doing something very unusual, and some do, then pressing "Reply all" should produce a message addressed to me, with a CC that contains the remainder of the recipient addresses.  The From: is completely irrelevant.
> 
> I'm just waiting to be told that I've missed the obvious. :)
> 
> Now, FWIW, a better way is as has been suggested here, namely to synthesise addresses for each subscriber.  That's how I'd do it: every mailing list post has its From: rewritten, like:
> ietf-resend+brian.e.carpenter=gmail.com@ietf.org
> 
> That address remails to you, first checking that a subscriber of the list is recognised.  In the process, it performs the same transformation on the From: field of the message, so as to pass SPF alignment.  It is hoped that your interlocutor happens to be on the list, also, or that you are still on the list when he is trying to contact you.
> 
>> the first line above would read:
>>
>> On 16/04/2014 18:58, IETF discussion list wrote:
>>
>> which is untrue.
> 
> It isn't necessary to change the personal name.  Some MUAs may very cleverly add one in the absence of one, or store it in an address book, though, incorrectly.  With the resend method above this issue is less problematic; furthermore the list software can add "(via listname)" to make the distinction less confusing.
> 
> No, none of these suggestions are perfect.  I'm not looking for a perfect solution though, I'm looking for one that works, for now.  Throwing people off my lists *is not* an option.
> 
> Cheers,
> Sabahattin
> 
>