On 11/7/13 12:58 PM, Jim Popovitch wrote:
On Thu, Nov 7, 2013 at 1:23 PM, J. Trent Adams firstname.lastname@example.org wrote: [snip] Now we're left participating on mailing lists using personal mail accounts. As you can imagine, that makes many departments in the organization really nervous for a variety of obvious reasons. Which .... appears to be working well for you, mr jtrentadams@
Indeed! . . . though let's keep that on the down-low given the concern about the apparent ease with which some entities seem to have access to these accounts. ;)
[ snip ]
To be fair, Mailman doesn't modify the body, it does add footer attachments and follows existing RFC requirements for appending headers. I wouldn't necessarily classify that in the same way as RFC5322 From spoofing.
Yeah, that's a fair point about Mailman using appropriate mechanisms to append the footers. . . But if a sender signs the subject header, does the signature break if Mailman pre-pends (useful) info?
At the end of the day, though, assuming SPF and DKIM are the most effective means of email authentication, DMARC is the only (current) way to effectively close the loop. And Mailman (my preferred MLM by far) has an excellent opportunity to leap ahead of the pack and keep that loop from being severed.
. . . unless someone can think of another clever way to maintain effective end-to-end email authentication in a novel way? Perhaps through the broader adoption of transitive trust (e.g. the Original Authentication Results header)?
Anyway, thanks for your careful consideration, and I do look forward to continuing to discuss viable options for keeping email as trusted and secure as possible. I'm not convince that email trust and security have any impact whatsoever on Mailman or MLMs in general. I believe you can have secure and trusted email (i.e. ibm.com) yet not break MLMs.
Hmmm. . . that's an interesting take. A quick glance at ibm.com shows that they SPF -all, so at least their top level domain shouldn't be sending mail at all. Is that what you meant? Glancing at their subdomains (e.g. us.ibm.com), though, shows that they're protected by SPF ~all and not DMARC. Given that many major mailbox providers only soft fail ~all, it's still likely to see spoofed domain mail reach the recipient. . . Or am I missing something clever that they're doing (which I should probably know about)?
Other than that, I believe that MLMs in general play a huge part in trusted and secure mail. Sure, they're not on the front line, but if they require a hobbling of security of their subscribers to participate, I see that as not so great.
Now, it's not a perfect analogy, but what if in order to ride the city bus you were required to lick the handrails? OK, it's not pretty, but that'd be requiring you to do something inherently dangerous simply to take advantage of public transportation. I don't know about you, but I'd prefer another mode of transport.
Anyway, I'd like to think that MLMs in general, and Mailman in specific as the Cadillac (or should we say Tesla now?) of MLMs, should provide an option to participate in as secure communication as possible. Someone's going to do it eventually, and I'm hoping that we can build on the momentum here given that there are a few reasonably visible lists willing to cut over to Mailman once their subscribers have a better experience.
Thanks, by the way, for the discussion and consideration.
On Thu, Nov 7, 2013 at 5:12 PM, J. Trent Adams email@example.com wrote:
should provide an option to participate in as secure communication as possible.
Randomly applying security distinctions, to RFC de'jour, is not really helping. If you want true message security, then PGP/GPG is the only universal way. If you are just looking to protect the integrity of the pathway, might I suggest that a wrapper around 2 different technologies (one being header reliability and the other being source reliability) is just that... a wrapper (or as I say, a panacea). If you truly wanted secure comms, DMARC would be mandating PGP and going after MUAs.... but I digress.