Re: Enabling DMARC workaround code for all IETF/IRTF mailing lists


 




--On Friday, May 11, 2018 15:31 -0500 Spencer Dawkins at IETF
<spencerdawkins.ietf@xxxxxxxxx> wrote:

>...
>> (2) If someone receives a message whose envelope MAIL FROM and
>> header "From:" fields show
>>   "alexey=40example.com@xxxxxxxxxxxxxx"
>> and replies to it offlist without recognizing the convention
>> or de-converting the address, I assume that dmarc.ietf.org
>> will recognize its own convention, rewrite the message
>> headers, and send it off to alexey@xxxxxxxxxxx.  If it does
>> not do that rewrite, then the message (or the copy addressed
>> to him) bounces or gets lost, which is not necessarily a bad
>> thing.  If it does do the rewrite, it works even if the
>> convention is changed to "alexey☺example.com@xxxxxxxxxxxxxx"
>> as long as dmarc.ietf.org keeps track of all of the
>> conventions it has used.  It does raise a privacy concern
>> that might or might not be important -- if I pick up Alexey's
>> address (that one) for use in a private reply, having the
>> message pass through IETF mail servers leaves traces (and
>> possibly the message in clear-text form) and that might not be
>> desirable.
>...

> (2) is closest to what I was curious about - whether if we are
> running =40 as the convention, and decide that =80 would be
> twice as good (just kidding, I mean "any other value besides
> =40"), and implement the new convention, if something good
> would happen to someone who replies to an e-mail that was
> processed using the original convention.
 
> So I was stumbling toward asking if we planned to remember old
> conventions if we adopted a new one, and it sounds like if we
> did remember old conventions, most of the
> reply-to-old-convention e-mail would end up in the right
> place, most of the time.
> 
> Your explanation was helpful. And thanks for clues, as always.

Glad to help.  Incidentally, while my mini-analysis had not
gotten that far, Victor is probably correct.  If mail can
actually be sent to
   "alexey=40example.com@xxxxxxxxxxxxxx"
with the expectation of delivery to 
   "alexey@xxxxxxxxxxx"

we would need to either have a very complex filtering or
validation system or we would basically have created an open
relay (btw, another issue with the use of "%").  For that
reason, it might actually be better to either refuse to accept
incoming mail with dmarc.ietf.org as a nominal destination or to
bounce all such mail with a message similar to 

   550 No such mailbox; this was a cheap hack to prevent DMARC
   problems with mailing list postings

And just move on.  I'm confident that those who worry about
blowback and similar bad behavior would prefer the former.   If
that were the approach, it really wouldn't make any difference
what conventions were used or how often they were changed as
long as a competent human could manually decode them.

best,
   john
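
The choice discussed in the message above, as an added Python sketch that is not part of the original message or of any IETF code: a RCPT TO decision for the rewrite domain under three policies (forward whatever decodes, forward only addresses the server itself generated, or refuse everything). The function names, the policy labels and the sample table are assumptions made for illustration.

```python
REWRITE_DOMAIN = "dmarc.ietf.org"   # rewrite domain named in the thread

# Constructed sample: rewritten local parts this server itself produced
# for list postings, mapped to the original author address.
KNOWN_REWRITES = {"alexey=40example.com": "alexey@example.com"}


def decode_local_part(local):
    """Undo the '=40' convention ('=40' stands for '@', hex 0x40).

    Returns 'user@domain', or None if the local part does not contain
    exactly one '=40' with text on both sides.
    """
    if local.count("=40") != 1 or "@" in local:
        return None
    user, domain = local.split("=40")
    if not user or not domain:
        return None
    return f"{user}@{domain}"


def rcpt_decision(rcpt, policy):
    """Return (smtp_code, forward_to) for one RCPT TO address.

    policy (hypothetical labels):
      'naive'  - forward to any address that decodes: behaves as an open relay
      'known'  - forward only for rewrites this server generated (validation)
      'reject' - refuse all mail addressed to the rewrite domain
    """
    local, _, domain = rcpt.rpartition("@")
    if domain.lower() != REWRITE_DOMAIN:
        return (550, None)              # this sketch only serves the rewrite domain
    if policy == "reject":
        return (550, None)
    if policy == "known":
        target = KNOWN_REWRITES.get(local.lower())
    elif policy == "naive":
        target = decode_local_part(local)
    else:
        raise ValueError(f"unknown policy: {policy}")
    return (250, target) if target else (550, None)


if __name__ == "__main__":
    # Constructed recipients: one the server generated, one chosen by a sender.
    for rcpt in ("alexey=40example.com@dmarc.ietf.org",
                 "anyone=40elsewhere.example@dmarc.ietf.org"):
        for policy in ("naive", "known", "reject"):
            print(policy, rcpt, rcpt_decision(rcpt, policy))
```

Under 'naive' the second recipient is accepted and forwarded to a destination the sender chose, which is the open-relay behaviour the message warns about; under 'reject' the encoding convention no longer matters to the server at all.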





