Re: DMARC: perspectives from a listadmin of large open-source lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/13/2014 09:34 PM, John C Klensin wrote:


--On Monday, April 14, 2014 00:10 -0400 John R Levine
<johnl@xxxxxxxxx> wrote:

Sadly, there are a non-trivial number of MTA installations
whose implementers or operators, having discovered that they
had not seen a legitimate use of the percent hack in years,
decided that they were about as likely to appear in
legitimate messages as source routing and dealt with them
accordingly.  Put more simply, a "%" in a local-part may be
least as likely to get a message rejected or dumped as a
badly specified DMARC record, so the one is really not a very
good cure for the other.

Since the percent hack became a famous vector for open relay
abuse, so we all stopped honoring it.  A lot of MTAs still
reject anything with a % saying something like no more source
routing.  Mine does.

Exactly.

Perhaps my suggestion to use the percent sign dragged in some baggage I wasn't intending. To be clear, I wasn't suggesting that receiving systems do anything special with the address, only that we establish a convention/standard for how to encode the real address of the sender for mail sent through mailing lists. It could at least by visually inspected by recipients, and in theory MUAs could learn to deal with it for display and/or reply purposes. If a ! works better than a % to separate the sender's address from the list address that's great.

For those that are skeptical of MUAs actually doing this, I agree. However in recent memory a non-trivial number of modern MUAs have picked up parsing of list headers sufficiently to make "reply to list" buttons a reality. So not all hope is lost here.

So this would require inventing something with the same
semantics as the percent hack, but a different syntax.
Perhaps we can use an exclamation point.

I suppose the correct response is "bang, bang, bang,..."

But this takes us back to Ned's point (or at least my
interpretation of it): it is lots easier to fix a bad DMARC
config, ignore restrictive DMARC specifications, or even to
abandon DMARC entirely, than it is to believe that we can
upgrade every MTA and MUA on the network to start accepting
percent hacks, bang paths, or the syntax characters used to
denote them, again.  Or any other strange local-part syntax
anyone is likely to come up with, e.g., perhaps we could use
plus signs, hyphens, or appropriately-escaped backslashes.  Or
we could steal "/" and "=" back from X.400 gateways.  Right.

Well + is out, since that's used by various local filtering solutions.

But your point is well taken ... the "right" answer may be to fix or discard DMARC, I honestly don't know. But in a world where DMARC is here to stay, or if not DMARC then some other anti-spam solution that breaks mailing list forwarding; and in that same world where mailing list traffic is negligible (and therefore the cost of breaking mailing lists is in the noise compared to the benefits of deploying said anti-spam solution) it's incumbent on the mailing list software folks to solve this problem.

Doug





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]