Re: DMARC: perspectives from a listadmin of large open-source lists

Scott Kitterman <scott@kitterman.com> Tue, 08 April 2014 05:18 UTC

From: Scott Kitterman <scott@kitterman.com>
To: ietf general list <ietf@ietf.org>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
Date: Tue, 08 Apr 2014 01:18:29 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/sZ91964iJKSyGqd4tUr-D0LBgfk

On Tuesday, April 08, 2014 06:06:27 Sabahattin Gucukoglu wrote:
> On 8 Apr 2014, at 05:21, John R Levine <johnl@taugh.com> wrote:
> > Mailing list apps can't "implement DMARC" other than by getting rid of
> > every feature that makes lists more functional than simple forwarders.
> > Given that we haven't done so for any of the previous FUSSPs that didn't
> > contemplate mailing lists, because those features are useful to our
> > users, it seems unlikely we'll do so now.
> Well,  Mailman 2.1.16 has the FROM_IS_LIST feature that "Fixes" the problem
> by putting the list address in the From: field.  That seems to work, except
> that you lose information (the sender's address) if the list wants to
> operate a policy of "Reply goes to list".  You can then assure that DKIM
> signatures are valid and set up SPF, etc.  This also has the effect of
> letting you operate through the various cloud email platforms that try to
> validate sender addresses.
> 
> But I agree it's broken.

It's unrelated to SPF.  SPF uses Mail From, and so on lists that aren't just
forwarders, the list already uses its own Mail From.  The only way SPF gets
roped into this thing is the DMARC use of SPF plus an insistence on "identity
alignment" to add a requirement that the From domain is in the same domain as
Mail From.  That's not SPF's fault.

DMARC is interesting for the feedback reports, but I'm certainly not 
publishing reject policies on any domains I have that have real users.

Scott K
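
The alignment point made in this message, as an added example that is not part of the original post: SPF alone passes for a list that uses its own Mail From, and it is the DMARC alignment check against the From: domain that fails. The domain names, the broken DKIM result after list modification, and the two-label organizational-domain rule are assumptions made for illustration (real evaluators use the Public Suffix List).

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    # Strict alignment needs an exact match; relaxed compares org domains.
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

@dataclass
class Message:
    header_from: str   # domain in the From: header (what DMARC keys on)
    mail_from: str     # envelope sender domain (what SPF checks)
    spf_pass: bool     # SPF result for mail_from
    dkim_domain: str   # d= domain of the DKIM signature
    dkim_pass: bool    # whether that signature still verifies

def dmarc_result(msg: Message, strict: bool = False) -> dict:
    spf_aligned = msg.spf_pass and aligned(msg.header_from, msg.mail_from, strict)
    dkim_aligned = msg.dkim_pass and aligned(msg.header_from, msg.dkim_domain, strict)
    return {
        "spf": msg.spf_pass,            # SPF on its own, as SPF defines it
        "spf_aligned": spf_aligned,     # SPF as DMARC counts it
        "dkim_aligned": dkim_aligned,
        "dmarc": "pass" if (spf_aligned or dkim_aligned) else "fail",
    }

# Constructed scenarios (all domains are placeholders).
DIRECT = Message("author.example", "bounce.author.example", True,
                 "author.example", True)
# List keeps the author's From:, uses its own Mail From, and is assumed to
# have modified the message so the author's DKIM signature no longer verifies.
VIA_LIST = Message("author.example", "lists.example.org", True,
                   "author.example", False)
# List puts its own address in From: (the FROM_IS_LIST approach quoted above).
FROM_IS_LIST = Message("lists.example.org", "lists.example.org", True,
                       "lists.example.org", True)

if __name__ == "__main__":
    for name, m in [("direct", DIRECT), ("via list", VIA_LIST),
                    ("From: rewritten", FROM_IS_LIST)]:
        print(f"{name:16} {dmarc_result(m)}")
```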