Re: DMARC and yahoo

Theodore Ts'o <tytso@mit.edu> Mon, 21 April 2014 18:56 UTC

Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E13141A024B for <ietf@ietfa.amsl.com>; Mon, 21 Apr 2014 11:56:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.173
X-Spam-Level:
X-Spam-Status: No, score=-2.173 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O80tlA-bZqOg for <ietf@ietfa.amsl.com>; Mon, 21 Apr 2014 11:56:48 -0700 (PDT)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id 2E78A1A0261 for <ietf@ietf.org>; Mon, 21 Apr 2014 11:56:48 -0700 (PDT)
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1WcJOU-0001jX-S2; Mon, 21 Apr 2014 18:56:42 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id 25F7B5804E2; Mon, 21 Apr 2014 14:56:42 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thunk.org; s=ef5046eb; t=1398106602; bh=FbKYv+F+tLnv5nRnkrPEFRoQXno8uHXB2OsQ8lqRt+g=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=t9GRMM6qMWqgwCU0hc//NSIYkK/hTWq1lGDL4tfY11aaN3ejiFJwIiOqqUFKxclMx uWGEOYELOARH5C5M9uwCOZdU23+K3i1/aR5lY/lRjIituZDQCPvP0cs/1f5Wqzuo+i xCkq9Nj4qDxwgCZ+Hu96WZ+Nf8nmFbskqNTa2LaA=
Date: Mon, 21 Apr 2014 14:56:42 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: Doug Royer <douglasroyer@gmail.com>
Subject: Re: DMARC and yahoo
Message-ID: <20140421185642.GB5105@thunk.org>
References: <20140415214348.GL4456@thunk.org> <1397607352.389753533@f361.i.mail.ru> <534DCFFB.4080102@gmail.com> <20140416012205.GC12078@thunk.org> <24986.1397615002@sandelman.ca> <20140416023813.GA21807@thunk.org> <C8A2B0B4-5FA4-4BFE-AECE-C61667ECF2FB@secure-endpoints.com> <4948F093F369F051CAF0B810@[192.168.1.128]> <53542D90.8030709@gmail.com> <53555D90.7050709@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <53555D90.7050709@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/yqrCqGvMhz-UIg6HdfzXMj9Vu7Q
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Apr 2014 18:56:54 -0000

On Mon, Apr 21, 2014 at 12:04:00PM -0600, Doug Royer wrote:
> 
> If yahoo sends out an email from list-name@yahoo, then that is where the
> email is from.
> 
> So it would be correct to set the from/sender in the email to be
> list-name@yahoo.com.
> Why try to make it fake anything?
> 
> If you want to preserve any digital signature in the original message, then
> send the original email as a mime body part in the forwarded message.

Because this message that you just sent was sent _from_ Doug Royer, in
the sense that it was authored by Doug Royer.  It was not authored by
"ietf@ietf.org".org", and that's in fact what most users would find more
interesting, since they have other ways of determining that a
particular message was sent via a particular mailing list reflector.

Fundamentally, this is going to be main issue.  For mailing list
users, when they are following a particular conversation, they want to
be able to easily identify which e-mails were contributed by which
participant.  This has historically been done via the "From" field.
It's possible to reinvent some other field, to indicate who had
originally authored the message --- say, adding a
"X-Originally-Authored-By".  But the fundamental issue is that it's
useful and interesting and wanted that people be able to get the
"originally authored by" message.  And so eventually, MUA are going to
be responsive to users' needs.

The fact that spammers could then use this confuse naive users is not
likely going to stop them, because if you are having a multi-user
conversation via e-mail, to make all of them appear to come from
"mailing-list@host.org" is just not acceptable to the users of that
mailing list.  They will want to know who originally authored the each
e-mail message.

	   	       	    	  - Ted