Re: [Mailman-Developers] Adding DMARC support for Mailman 3
----- Original Message -----
From: "Stephen J. Turnbull" <stephen@xemacs.org>
To: "Franck Martin" <franck@peachymango.org>
Cc: "Mailman Developers" <Mailman-Developers@python.org>
Sent: Monday, July 8, 2013 2:01:43 AM
Subject: Re: [Mailman-Developers] Adding DMARC support for Mailman 3
> Franck Martin writes:
>> If the From: contains the posting email of the mailing list, one would think that the default becomes reply to the list, but this is where Reply-To: can be used.
> Most users do not display Reply-To; many cannot (at least not at their level of technical skill). This means that they get no indication of the author of a message unless the author signs the body of the mail, which often isn't done, and is impossible to enforce. So this setting is simply unacceptable except on announce/advertising lists (where Reply-To is usually set to some other address anyway) and on anonymous lists (which as far as I know are relatively rare).
> If this option becomes a popular filter on large mail hosts, discussion lists (i.e., the kind of mailing list that Mailman was originally intended to serve) will take a severe, perhaps fatal, blow.
This is speculation, and broad fear of the future...
The current practice for a postmaster is to trust (or not) emails from specific mailing lists, not who post them to the list. Adding DKIM to the list and taking ownership will only improve it.
I hope this helps alleviate concerns.
You should really read the code of the patch for MM2 and try it.
Franck Martin writes:
> This is speculation,
I said so myself. The fact that I'm paranoid just means I've read Bellovin and Cheswick.
> and broad fear of the future...
No, it's an extrapolation of my own occasional experience, and the frequent pain of others that I see on this list, and the observed behavior of sysadmins, some of whom I respect but who are under extreme pressure to stop spam, and others who are less competent. It's a very specific fear of a broken standard that may be imposed on us by powerful third parties.
It's possible that mailing lists as we know them today are an anachronism, that they themselves are fundamentally broken in a world where spam constitutes 90% of all email traffic, and we should let them go rest in peace. I can accept that. There may be no solution that allows both existing mailing list customs to continue and provides socially acceptable levels of spam prevention. If so, so be it.
> I hope this helps alleviate concerns.
> You should really read the code of the patch for MM2 and try it.
I don't need to when you suggest violating basic RFCs to make DMARC work better. Sometimes it's appropriate to "take ownership of From". DMARC is not a valid reason to do so, and I'm not going to try that.
And what good does trying a patch do? I fear a *social* problem, not that your patch will make Mailman technically unable to receive or send mail. If the latter happens, we debug the patch. Minor irritation, no more than that.
Hi Stephen,
At 18:39 08-07-2013, Stephen J. Turnbull wrote:
> work better. Sometimes it's appropriate to "take ownership of From".
There is a case where the mailing list administrator configured the list to take ownership of the "From". Telling people that it was not a good idea never works. It's easier to wait for the denial of service (which happened) and watch the complaints pour in.
Regards,
-sm
SM writes:
> Hi Stephen,
> At 18:39 08-07-2013, Stephen J. Turnbull wrote:
>> work better. Sometimes it's appropriate to "take ownership of From".
> There is a case where the mailing list administrator configured the list to take ownership of the "From". Telling people that it was not a good idea never works. It's easier to wait for the denial of service (which happened) and watch the complaints pour in.
It doesn't work on people who convince themselves it's the only way to solve their problems. It often does work on people who are grasping at straws, and know it. You can often convince the latter that they'll only make their problems worse.
Franck Martin writes:
> The current practice for a postmaster is to trust (or not) emails from specific mailing lists, not who post them to the list.
Really? I thought they trusted SMTP connections from specified MTAs (IP addresses). (More precisely, folks who seem to be running legitimate lists who run into problems generally find that their IP is blocked, not any identification of the list.) Anyway, List-Id is trivial to forge; I wouldn't trust it.
> Adding DKIM to the list and taking ownership will only improve it.
DKIM is fine, if postmasters actually do trust lists. Just use List-Id as one of the signed headers and add your own DKIM signature. Done, no need to violate RFC 5322.
So I went back and re-read the DMARC spec (more carefully than I did a year ago, it seems, because it seems to be a rather different document than the one I remember reading :-/), and it seems to me that From-munging is not only a bad idea from the point of view of mailing list custom and RFC 5322 conformance, but it violates the spirit of DMARC as well.
DMARC is a framework for implementing, evaluating, and improving sender policies at the domain level. It insists (correctly, for the intended application of anti-phishing) on using From and nothing else. In most cases the primary users[1] of DMARC (institutions that handle private data, whose domain names are well-known -- at least to correspondents -- and can be used for phishing) want to ensure that only messages originating from their domain can use their domain name, or at least that non-technical users can be given a very obvious indication that something funny is going on if a "From" using their domain name originated from a different domain. But they *want* their domain names seen. They don't want them munged.
But this philosophical discussion isn't really convincing even to me. I'd like to see examples of real use cases for DMARC, and the recommended policy settings for them.
Footnotes:
[1] The users whose requirements are reflected in DMARC's specific requirements.
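The point argued in this thread, that DMARC is evaluated against the From: domain and nothing else, shown as an added example that is not part of any poster's message or of the Mailman patch. All domains, messages and verification results are constructed, and `org_domain` is a simplified stand-in for a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): keep the last two labels. Real DMARC
    # evaluators derive the organizational domain from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def from_domain(raw_message):
    # DMARC keys on the RFC 5322 From: header, never List-Id or Reply-To.
    addr = parseaddr(message_from_string(raw_message)["From"])[1]
    return addr.rpartition("@")[2].lower()

def dmarc_alignment(raw_message, verified_dkim_domains, spf_pass_domain=None):
    """Return the authenticated identifier aligned with From:, or None.

    verified_dkim_domains: d= values of signatures that already verified.
    spf_pass_domain: envelope-sender domain if SPF passed. Relaxed alignment.
    """
    author = org_domain(from_domain(raw_message))
    for d in verified_dkim_domains:
        if org_domain(d) == author:
            return "dkim:" + d
    if spf_pass_domain and org_domain(spf_pass_domain) == author:
        return "spf:" + spf_pass_domain
    return None

# Constructed sample messages as a receiver would see them.
DIRECT = "From: Alice <alice@bank.example>\nSubject: hello\n\nbody\n"
RELAYED = ("From: Alice <alice@bank.example>\nList-Id: <discuss.lists.example>\n"
           "Subject: [discuss] hello\n\nbody\n-- list footer\n")
MUNGED = ("From: Alice via discuss <discuss@lists.example>\n"
          "Reply-To: alice@bank.example\nList-Id: <discuss.lists.example>\n"
          "Subject: [discuss] hello\n\nbody\n-- list footer\n")

def run_cases():
    return {
        "direct": dmarc_alignment(DIRECT, ["mail.bank.example"], "bank.example"),
        # List adds its own signature (List-Id among the signed headers); the
        # author's signature is assumed not to verify after list changes.
        "relayed_list_signed": dmarc_alignment(RELAYED, ["lists.example"], "lists.example"),
        "from_munged": dmarc_alignment(MUNGED, ["lists.example"], "lists.example"),
    }

if __name__ == "__main__":
    for case, result in run_cases().items():
        print(f"{case:20} aligned identifier: {result}")
```

The relayed case returns `None` regardless of which headers the list's signature covers, because the signing domain is compared only with the From: domain; the munged case aligns only because the author's domain no longer appears in From:.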
participants (3)
- Franck Martin
- SM
- Stephen J. Turnbull