Re: DMARC methods in mailman

"John R Levine" <johnl@taugh.com> Tue, 20 December 2016 23:52 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E96D129465 for <ietf@ietfa.amsl.com>; Tue, 20 Dec 2016 15:52:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=RdxxN/G4; dkim=pass (1536-bit key) header.d=taugh.com header.b=nS9UiR3F
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ffCFj8IaJhol for <ietf@ietfa.amsl.com>; Tue, 20 Dec 2016 15:52:47 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7ED212711D for <ietf@ietf.org>; Tue, 20 Dec 2016 15:52:46 -0800 (PST)
Received: (qmail 48263 invoked from network); 20 Dec 2016 23:52:50 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=bc85.5859c452.k1612; bh=GzJiSLcwJI5lt3TAY4AX35PcbSYjgoqf4x2KtpxB66Y=; b=RdxxN/G4HAbc6hav+wGD3GRTmN/BjVx90hGvIEIhrWfSx8mGczZRjcl/MJoVNiRtSnLBcAviz6byu+WAh5pQoGUDcqblruXr0O11kdAsYLIdoCXVCAWUJqGXvuDr6OqUIZisODg38lHk6jghARc6rDAtT8AjUPNi0FslkAZVeCjsYfmq2mYjLdTTDgVeIfBiNvMJmsOZ0ciaOSpLzGvgQzc0M4TyOg4hzLKi0vHXmS/MUp09Sj7wxAcTDoWHdlFN
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=bc85.5859c452.k1612; bh=GzJiSLcwJI5lt3TAY4AX35PcbSYjgoqf4x2KtpxB66Y=; b=nS9UiR3FizrPuIqgZm+r/rjLRavLoWdjbqsGXeTfTIRHeqdHwW8FNy9NnCHJLa1z49VWfwc50qIWxWIMjonxiqCA+pJaY8Ox9TDGs4wtREuKXcCp5SoBIOWLGQbkDwvvnnErCDmmWyWLJ+yiuQGeYdZu9bi5HyTT3C6GIRSlT5gvpRqK4/6GToXfVBLWZWAkLS3TcJHBTBpfx3ROhFu8KPuth1z3FwVPkO9r/htWtcnxxDDLy/fIzL01/RI2uqzX
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 20 Dec 2016 23:52:50 -0000
Date: 20 Dec 2016 18:52:44 -0500
Message-ID: <alpine.OSX.2.11.1612201844570.33468@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: "Theodore Ts'o" <tytso@mit.edu>
Subject: Re: DMARC methods in mailman
In-Reply-To: <20161220223544.ktfd2kzrz46mjdnu@thunk.org>
References: <m1cJIF7-0000DEC@stereo.hq.phicoh.net> <20161220195601.23551.qmail@ary.lan> <20161220223544.ktfd2kzrz46mjdnu@thunk.org>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/t_BSMktxZYrXnNEpHgCpqYrtb2U>
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Dec 2016 23:52:48 -0000

> This starts getting more complicated, but the mailing list could try
> intentionally sending a message which fails DMARC (e.g., with a
> claimed from address of example@yahoo.com) to the mailing list
> subscriber and see if it gets bounced, and use that to set the default
> for that setting automatically?

Without exception, every suggestion made in this discussion has already 
been brought up and addressed on the Mailman developers' list, or the 
DMARC discussion list at dmarc.org.  Perhaps people who find this topic to 
be of interest could learn more faster and save everyone else's time by 
reading the archives.

Among the reasons this particular approach won't work is that at some mail 
providers, notably Gmail, the DMARC treatment varies both by sender and by 
recipient.  Sometimes they reject, sometimes they accept and deliver, 
sometimes they accept and file as spam.  Whatever they do to a test 
message may or may not be what they do to real messages.  Furthermore, 
providers change their DMARC mail handling every day (which as, we may 
recall, is why we have this problem in the first place.)  If an operator 
ignores DMARC failures today, they may do something else next week or next 
year.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly