DMARC-4-ML: Can the IETF call a demonstration?

Alessandro Vesely <vesely@tana.it> Wed, 14 May 2014 11:52 UTC

Message-ID: <537358E1.8060101@tana.it>
Date: Wed, 14 May 2014 13:52:01 +0200
From: Alessandro Vesely <vesely@tana.it>
To: ietf@ietf.org
Subject: DMARC-4-ML: Can the IETF call a demonstration?
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/rpCJjKm11UiNi-e_6-mq5U-kO0c

After some discussion on ietf-822, two viable methods were identified
for DMARC for mailing lists (ML).  Someone cutely suggested doing both:

*Tweak DKIM signatures*
To be applied on sending, produce a partial author's domain signature
which can be verified along with the ML signature.  To be refined a
bit, in order to account for chaining from a ML to another.

*Whitelist*
To be applied on receiving, for MLs endorsed by each domain's users.

Both methods require each domain to build a DB of MLs.  That can be
done by a "manual process" (see picture) for the time being.  The
process consists of each ML admin extracting a per-domain list of
subscribers and sending it to the relevant domain postmaster, after
obtaining subscribers' consent.  The volume of data is so huge as to
be akin to an on-line demonstration.

Will the admins go marching in?

Doing nothing will result in a mix of three reactions.  1, ML admins
changing the From: of domains that publish strict DMARC policies;  2,
some users changing mailbox provider; and 3, fewer domains publishing
strict DMARC policies.  The combined effect seems to weaken both DMARC
and mailing lists.

Ale
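
A sketch of the *Whitelist* method and the per-domain DB of MLs from the message above, added here as an example; it is not part of the original post or of any specification. The DB layout, the function names, the use of List-Id to name the list and of the ML's DKIM `d=` domain to authenticate it, and the example.com addresses are all assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string

# Constructed sample: one ML admin's report, and headers of a relayed post.
SAMPLE_REPORTS = [("ietf.ietf.org", "ietf.org",
                   ["alice@example.com", "bob@example.net"])]
SAMPLE_HEADERS = "List-Id: IETF-Discussion <ietf.ietf.org>\n\n"

def build_ml_db(reports, local_domain):
    """Fold ML admins' subscriber reports into one domain's DB of MLs.

    reports: (list_id, ml_signing_domain, consenting_subscribers) tuples.
    Returns {subscriber: {list_id: ml_signing_domain}} for local_domain.
    The layout is an assumption; the post does not define one.
    """
    db = defaultdict(dict)
    for list_id, signer, subscribers in reports:
        for addr in subscribers:
            addr = addr.strip().lower()
            if addr.rpartition("@")[2] == local_domain.lower():
                db[addr][list_id.lower()] = signer.lower()
    return dict(db)

def disposition(db, rcpt, raw_headers, dmarc_result, policy, dkim_pass):
    """Decide what to do with one message addressed to rcpt.

    dmarc_result, policy: DMARC outcome and policy of the From: domain.
    dkim_pass: d= domains whose DKIM signatures verified on receipt.
    """
    if dmarc_result == "pass" or policy == "none":
        return "accept"
    msg = message_from_string(raw_headers)
    # RFC 2919 List-Id is "phrase <list-id>"; take the bracketed part.
    m = re.search(r"<([^<>]+)>", msg.get("List-Id", ""))
    list_id = m.group(1).strip().lower() if m else None
    signer = db.get(rcpt.lower(), {}).get(list_id)
    # List-Id is an unauthenticated header, so the override also requires
    # a verified signature from the domain recorded for that list.
    if signer and signer in {d.lower() for d in dkim_pass}:
        return "accept-whitelisted"
    return policy  # "quarantine" or "reject", as the author domain asked
```

The override is scoped per recipient, so a list endorsed by one user does not bypass the author domain's policy for other mailboxes in the same domain.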