Re: [dmarc-ietf] IETF Mailing Lists and DMARC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/2/2016 6:19 PM, Brian E Carpenter wrote:

I think Michael Richardson made a very valid point. If our mailing
list software detects a sender whose domain has p=reject, we *know*
that the forwarded message will fail DMARC validation. So there's a
strong case for rejecting the message immediately, so that the sender
can be told about the problem and can choose a different sending address.

I had it in my 2006 DSAP proposal for MLM guidelines:

  http://tools.ietf.org/html/draft-santos-dkim-dsap-00#section-3.3

The term DMARC can be swapped in the section since its really about a general DKIM+POLICY and it doesn't matter if it was SSP, ADSP, DSAP or DMARC:

   3.3.  Mailing List Servers

   Mailing List Servers (MLS) applications who are compliant with DKIM
   and DMARC operations, SHOULD adhere to the following guidelines:

   Subscription Controls

      MLS subscription processes should perform a DMARC check to
      determine if a subscribing email domain DMARC policy is restrictive
      in regards to mail integrity changes or 3rd party signatures.  The
      MLS SHOULD only allow original domain policies who allow 3rd party
      signatures.

   Message Content Integrity Change

      List Servers which will alter the message content SHOULD only do
      so for original domains with optional DMARC signing practices and
      it should remove the original signature if present.  If the List
      Server is not going to alter the message, it SHOULD NOT remove the
      signature, if present.

Wow! 10 years and we still having this issue! Incredible. :(

But I did add the subscription controls for our ML software.

Presumably, we'd only need to do this until ARC is deployable.

Can ARC resolve the downlink problem for the non-ARC compliant receivers?

I've always said that the MLM needs to "look up" the practices of the Author Domain. What is its expectation? Intentions?

If the MLM expects the receivers to do DMARC lookups, why shouldn't the MLM do the same prior to accepting a list submission or subscriber? The MLM can also check/detect DMARC related SMTP error responses and minimize the erroneous automatic removals from list. All this requires MLM software change.


--
HLS





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]