ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: DMARC and ietf.org

2014-07-21 14:18:56
from [MH Michael Hammer (5304)] [Permanent Link] 
John is correct. There is no consensus on how mailing lists should deal with 
DMARC problems, notwithstanding what rfc6377 says about DKIM. ADSP never gained 
enough real world implementation for there to be a meaningful consensus. One 
need only look at the discussion threads on the IETF (and other) list(s) 
following the publication of DMARC p=reject by several large mailbox providers 
to see the diverse range of views.

While I disagree with John on some things, in this case he is 100% dead on. To 
pretend otherwise is to do a disservice to the mailing list community and the 
mail community at large.

Mike


-----Original Message-----
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Hector 
Santos
Sent: Monday, July 21, 2014 3:10 PM
To: ietf(_at_)ietf(_dot_)org
Subject: Re: DMARC and ietf.org


On 7/20/2014 10:51 PM, John Levine wrote:

I thought the preferred solution was to rewrite the From for those
users only.


I think that remains controversial. ...


There is no consensus at all on how mailing lists should deal with
DMARC problems.


Not quite John.

The specific DMARC protocol aside, with any author domain policies in
general, whether it was SSP, ADSP or any DKIM author domain signing
authorization protocol (DSAP),  there was a consensus RFC built document
that provided the basic guideline for mailing list operations in dealing with
restrictive DKIM signing policies. It used ADSP as the "DSAP" of the day. But
replace ADSP with DMARC and the design recommendations apply:

    RFC6377  DomainKeys Identified Mail (DKIM) and Mailing Lists
    http://tools.ietf.org/html/rfc6377

And overall, the basic guideline was to support the framework, not ignore it
as it never existed and instead pushed for breaking the security protocol.

As a LIST developer and implementor of the "DSAP" protocol, it was simple:

  1) Deny Restrictive Domains from Subscribing
  2) Deny Restrictive Domains from List Submission
  3) Pottery Principle "You break it, you own it" - Resign mail

That is all at the top level that needed to be done and all the above really 
has
nothing to do with a mailing list but the mail receiver verifier and the
outbound mail server.

This is about not wanting to do a basic author domain signature authorization
lookup for any kind of mail service.

--
HLS
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DMARC and ietf.org, Hector Santos
Next by Date:  Re: DMARC and ietf.org, Hector Santos
Previous by Thread:  Re: DMARC and ietf.org, Hector Santos
Next by Thread:  Re: DMARC and ietf.org, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]