ietf
[Top] [All Lists]

Re: DMARC and ietf.org

2014-07-21 14:10:33

On 7/20/2014 10:51 PM, John Levine wrote:
I thought the preferred solution was to rewrite the From for
those users only.

I think that remains controversial. ...

There is no consensus at all on how mailing lists should deal with
DMARC problems.

Not quite John.

The specific DMARC protocol aside, with any author domain policies in general, whether it was SSP, ADSP or any DKIM author domain signing authorization protocol (DSAP), there was a consensus RFC built document that provided the basic guideline for mailing list operations in dealing with restrictive DKIM signing policies. It used ADSP as the "DSAP" of the day. But replace ADSP with DMARC and the design recommendations apply:

   RFC6377  DomainKeys Identified Mail (DKIM) and Mailing Lists
   http://tools.ietf.org/html/rfc6377

And overall, the basic guideline was to support the framework, not ignore it as it never existed and instead pushed for breaking the security protocol.

As a LIST developer and implementor of the "DSAP" protocol, it was simple:

 1) Deny Restrictive Domains from Subscribing
 2) Deny Restrictive Domains from List Submission
 3) Pottery Principle "You break it, you own it" - Resign mail

That is all at the top level that needed to be done and all the above really has nothing to do with a mailing list but the mail receiver verifier and the outbound mail server.

This is about not wanting to do a basic author domain signature authorization lookup for any kind of mail service.

--
HLS