Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/12/2014 6:23 PM, Brian E Carpenter wrote:
Hi,

In the DMARC draft, I noticed this:

  Descriptions of the PolicyOverrideTypes:
...
    mailing_list:  Local heuristics determined that the message arrived
       via a mailing list, and thus authentication of the original
       message was not expected to succeed.

Could somebody explain what that means and whether it can be used to
mitigate the current issue? Or are substantial changes needed
in the fundamentals of DMARC?

I assume the authors will be adding a discussion of this issue
to the draft.

Regards
    Brian

Brian,

The overall problem is that the middle ware, mailing list servers (MLS) need to change in order to support any DKIM optional add-on security policy layer.

If the MLS is going to break the integrity and resign the mail, it could not do this blindly without considering the submitting author domain security policy.

First it was SSP, then ADSP, now DMARC. Same problem. Unless the middle ware supports this policy layer, they risk causing distribution problems at the ADSP and/or DMARC, policy-compliant downlinks. This was one of the cited interop problem reasons why ADSP was made historic.

So its really a matter of getting wider support at the Mailing List Software or once again, like it was done for ADSP, promoting the idea of not supporting the p=reject feature of DMARC.

Keep in mind, this is really only a problem because a "public" yahoo.com domain, for some odd reason, use a DMARC p=reject and there is apparently mail distribution down links that support it. The list servers blindly resigned the mail and there is no 3rd party support concept in place to handle it.

But it would be precisely what another domain like fedex.com would want with its restrictive ADSP discardable and DMARC p=reject policies being used in a public mailing list.


--
HLS






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]