Re: DMARC: perspectives from a listadmin of large open-source lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/13/2014 02:10 PM, John Levine wrote:
Building on the FROM_IS_LIST idea, rather than having the From be
rewritten to simply "list@xxxxxxxxxxx" why not establish a convention
(dare I say "standard?") to encode the real from address and list to the
left of the @ sign? The rub with DMARC/SPF/DKIM is the domain itself,
not the whole address.

This is a minor tweak of the "authenticated phish via on-behalf-of" proposal.

It's not, actually. The defects in XOAR are obvious even to me.

Spammers can send mail that looks a lot like mailing lists, you know.

What does that have to do with anything? If the message authenticates via DMARC/SPF/DKIM then that's a point in its favor in terms of it not being spam. If the message comes through with a From: that "looks like a mailing list" who cares? Even if that message passes all of the other spam filtering mechanisms between it and the user, the user is likely to know if they are signed up for a mailing list that the spam message is trying to fake, even if it isn't obvious on its face that it's spam to start with.

  From: Paypal Security <security@xxxxxxxxxxxxxxxxxxxxxxx>

DMARC/SPF/DKIM will actually benefit that message if it has a valid signature. Nothing "mailing list" related about it.

But wait, I have an even better idea, Nobody ever thought of this one!

  From: Paypal Security <security%paypal.com@xxxxxxxxxxxx>

Same here. And again, if the message comes through with a valid signature it's less likely to get caught as spam.

Meanwhile, I'm still not proposing that we train users, or even anti-spam software to "recognize" or "validate" mailing list addresses. What I'm proposing is a way to send mail from a list with From: @domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the left side of the @ sign to identify the actual sender of the message.

Doug





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]