John Levine <johnl@xxxxxxxxx> wrote:
>> I agree strongly with you: the IETF needs to do something in some
>> direction.
>>
>> That something could be to properly reject email with a DMARC policy
>> that does not permit forwarding. That would piss off an awful lot of
>> IETF participants, but it would be simple, since it requires no
>> protocol changes, just social changes.

> Hmmn, the one approach that is unambiguously worse than doing nothing,

Good, we agree about this, but, I still think we need to lead with a carrot (new DMARC spec to solve the problem), and a stick (date at which we will comply to DMARC)

> since it would confirm every worst fear that we're more interested in
> playing purity games than in getting work done.

That's one way to look at it, and I'm not saying it's wrong.
I think it shows that we actually care about the contents of our specifications, and that we actually expect others to.

> If we actually want to do something, we should decide what to do and do
> it.

> It's not like there's any mystery about what the options are. This
> page in the old ASRG wiki lists them all and hasn't changed in ages:

> http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail

> The options built into mailman 2 are:

> * moderate or reject DMARC'ed submissions
> * rewrite the From: line with the list address
> * wrap messages sort of like one-message digests

Hah. So this is the same debate 6man has about IPv6 Extension Header insertion :-)

> Personally, I think those are all pretty bad, so we should do something
> else. (If I had to pick one, I'd pick the last one since it's the
> easiest to undo on the way in.)

It's been like two years that I said the same thing.

> My preferred approach until ARC is usable is to rewrite the From:
> address to a legible forwarding address. The IETF already handles a
> bazillion forwarding addresses for I-D and RFC authors, so I'd think it
> wouldn't be terribly hard to adapt that. You don't have to change any
> mailman code; you can do everything in a shim between the list manager
> and the outgoing postfix submission program.

I call this NAT for email. I'd rather do IPIP for email and wrap the messages.

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
 -= IPv6 IoT consulting =-
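An added example, not part of the thread and not mailman or IETF code: the two mitigations debated above, From: rewriting ("NAT for email") and wrapping ("IPIP for email"), side by side using Python's standard `email` package. The list address, the forwarding domain, the `local=domain@` address encoding and the sample message are all assumptions made for illustration.

```python
import copy
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

LIST_ADDR = "list@lists.example"   # assumed list address
FWD_DOMAIN = "fwd.lists.example"   # assumed forwarding domain run by the list operator

# Constructed sample submission from a domain assumed to publish a strict DMARC policy.
SAMPLE = """\
From: Alice Example <alice@strict.example>
To: list@lists.example
Subject: draft comments
Message-ID: <1@strict.example>

Hello list.
"""

def from_domain(msg):
    """Domain of the From: header, the identifier DMARC evaluates."""
    return parseaddr(str(msg["From"]))[1].rpartition("@")[2]

def rewrite_from(msg):
    """'NAT for email': swap From: for a forwarding address (hypothetical encoding)."""
    name, addr = parseaddr(str(msg["From"]))
    local, _, domain = addr.partition("@")
    out = copy.deepcopy(msg)
    del out["From"]
    out["From"] = formataddr((f"{name} via list", f"{local}={domain}@{FWD_DOMAIN}"))
    return out

def wrap(msg):
    """'IPIP for email': carry the untouched original as a message/rfc822 part."""
    outer = EmailMessage()
    outer["From"] = LIST_ADDR
    outer["To"] = LIST_ADDR
    outer["Subject"] = str(msg["Subject"])
    outer.set_content("The list message is attached unmodified.")
    outer.add_attachment(copy.deepcopy(msg))
    return outer

def unwrap(outer):
    """Receiver side: recover the original message from the wrapper."""
    for part in outer.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None

if __name__ == "__main__":
    original = message_from_string(SAMPLE, policy=policy.default)
    on_wire = message_from_string(wrap(original).as_string(), policy=policy.default)
    print(from_domain(rewrite_from(original)), from_domain(on_wire), unwrap(on_wire)["From"])
```

In both cases the outer From: domain belongs to the list operator, so the author domain's DMARC policy no longer applies to the redistributed copy; only the wrapped form lets the receiver recover the original headers byte for byte.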