ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: (DMARC) Why mailing lists are only sort of special

2014-04-17 05:51:05
from [Yoav Nir] [Permanent Link] 

On Apr 17, 2014, at 9:35 AM, Dave Cridland <dave(_at_)cridland(_dot_)net> wrote:


On 16 April 2014 21:57, John R Levine <johnl(_at_)taugh(_dot_)com> wrote:
This means that mailing lists (and other forwarding cases) are enforced
into having DMARC records in order to forward DMARC originating messages,
which seems reasonable, and the Sender addresses must also be relatively
sensible, which they normally are already.

I may be missing something.

How do I distinguish the nice mailing lists at ietf.org from random evil 
spammer domains sending spam with List-ID headers?

Every proposal I've seen like this ends up tripping over the fact that there 
is no technical way to distinguish between mail from real mailing lists and 
spam that looks like it's from mailing lists.  Hence you need a whitelist for 
the real mail, at which point all of the mechanism beyond the key for the 
whitelist (probably a DKIM signature) is superfluous.


There's no more need for whitelist here than on DMARC mail as things stand, 
of course, but it does mean that senders need tracking as well as authors, 
and senders need to be explicit and reliable. I'd assume reputation services 
(of which whitelists are just an extreme case) would be in play regardless.

Let's consider the message to which I am replying.

Right now, my MUA treats this as a message "From John R Levine 
<johnl(_at_)taugh(_dot_)com>". This means that any policy on the message 
origination comes from looking solely at the taugh.com domain. We'll pretend 
it has a DMARC policy. Herein lies the Yahoo/DMARC issue, because unless your 
policy essentially stipulates that the IETF is allowed to spoof you, we're 
stuck.


<disclaimer> speaking only as an end-user here </disclaimer>

Then perhaps this is what needs to change. John R Levine did not send you a 
message. He sent a message to the list. It is the list software that sent you a 
message. So perhaps the From field should have been “From: IETF Mailing list on 
behalf of John R Levine <ietf(_at_)ietf(_dot_)org>”. The Reply-To could be set 
to either John’s real address or the mailing list address, depending on what we 
think users mean when they click “Reply” - reply to John or reply to the list.

Yoav
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: What I've been wondering about the DMARC problem, Sabahattin Gucukoglu
Next by Date:  Re: "why I quit writing internet standards", Thomas Nadeau
Previous by Thread:  Re: (DMARC) Why mailing lists are only sort of special, Dave Cridland
Next by Thread:  Re: (DMARC) Why mailing lists are only sort of special, Martin Rex
Indexes:  [Date] [Thread] [Top] [All Lists]