Re: DMARC: perspectives from a listadmin of large open-source lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John Levine wrote:
Meanwhile, I'm still not proposing that we train users, or even
anti-spam software to "recognize" or "validate" mailing list addresses.
What I'm proposing is a way to send mail from a list with From:
@domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the
left side of the @ sign to identify the actual sender of the message.
Yes, that's the 1980s percent hack.  Do you really think it's a good
idea to reinvent it to get around the defects of the FUSSP du jour?

I agree that it's not plausible to train people to recognize mailing
list addresses.  But what you're proposing is to train people to be
phished, by telling them that a rewritten address from something that
looks sort of like a mailing list is equivalent to whatever the
original address was.  Given that DMARC is supposed to be an
anti-phishing tool, this completely defeats the point.

R's,
John

It strikes me that the real way to address some of these issues is to add a few new headers to SMTP - to get rid of the overloading of the From: and Reply-to: headers associated with mailing lists. An SMTP extension that would absorb some of the well-known and well-understood functions of list software.

I have to think a bit about what the full list of headers might be, but I'd start with:
From: <original author>
List-From: <mailing list>
Reply-To-Original:
Reply-To-List: <set by list manager>
List-Name:
DKIM signature stuff applied to original message
DKIM signature applied by list server

That might be a start toward a real solution that solves both sets of problems.

Then again - it's late, I'm in the middle doing my taxes - this might not make any sense at all.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]