Re: DMARC: perspectives from a listadmin of large open-source lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/13/2014 7:49 PM, John Levine wrote:
Meanwhile, I'm still not proposing that we train users, or even
anti-spam software to "recognize" or "validate" mailing list addresses.
What I'm proposing is a way to send mail from a list with From:
@domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the
left side of the @ sign to identify the actual sender of the message.

Yes, that's the 1980s percent hack.


1979, to be precise, for MMDF's relaying telephone/Arpanet mail with the original funding agency, the Army Materiel Command, and then the NSF's CSNet. It was difficult to find a character that made any intuitive sense and wasn't already taken.

As an overall construct, in this case, it might work pretty well. It preserves all of the original address in a way that is easily machine-parseable.

It treats the list engine as a kind of gateway. This means that a reply to that address will show up at the list host and needs to be relayed to the intended recipient. While a bit inefficient -- and probably will emerge as an attack vector (sigh) -- it's a plausible mechanism.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]