Re: DMARC and ietf.org

Russ Housley <housley@vigilsec.com> Tue, 19 July 2016 15:21 UTC

To: John Payne <jcapayne@me.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/IWYXqWOOcuJpiekJLEi7LNHsGws>
Cc: IETF <ietf@ietf.org>

John:

>> On Feb 24, 2016, at 1:46 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>> On 25/02/2016 05:06, Michael Richardson wrote:
>>> 
>>> Russ Housley <housley@vigilsec.com> wrote:
>>>> We are in the process of upgrading mailman. As part of that upgrade
>>>> there are new settings. The Secretariat has been discussing the various
>>>> choices for those new settings with some of the Tools Team. If there is
>>>> anyone in the community that has a lot of experience with mailman
>>>> settings, we would like to consult with you.
>>> 
>>> Good, thank you for this update.
>>> 
>>> I'd like to ask that we capture the reasons (the thought process) for the
>>> settings into at least a wiki page, if not a BCP.
>> 
>> Yes, and maybe leave a little time for public debate before implementation,
>> because a lot of people's working habits may be affected.
> 
> Things seem to have been (publicly) silent on the topic of IETF mailing lists and DMARC since Feb.  Can we have an update please?

This is my understanding of the current situation.  First, no one offered to assist with the new Mailman settings.  We remain open to community review and suggestions.

The IETF mail server does not reject on SPF or DMARC mismatches.  All incoming email is passed through SpamAssassin, and SPF/DMARC are taken into account in the scoring system.

Outgoing Mailman email still has the problem.  Mailman has an option we can enable to force DMARC-spoofing sender rewriting of all outgoing Mailman email.  If we enable that option, the From: field rewriting could be disruptive in unknown ways.

We know that outgoing alias email still has the problem.  The Secretariat did some experiments with some additional headers (Resent-*) to alias mail.  They were not able to determine whether these headers helped destination servers or not.

Russ
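
The outgoing-list problem and the From: rewriting option discussed in this message, as an added example (not part of the original message and not Mailman's code). It checks relaxed DMARC identifier alignment before and after a list rewrites From:; the `.example` domains, the sample message and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import copy
from email.message import EmailMessage
from email.utils import formataddr, parseaddr


def org_domain(domain):
    # Simplification (assumption): last two labels. Real DMARC evaluators
    # derive the organizational domain from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def from_domain(msg):
    return parseaddr(msg["From"])[1].rpartition("@")[2].lower()


def dmarc_aligned(msg, spf_pass_domain, dkim_pass_domains):
    """Relaxed alignment: some identifier that passed SPF or DKIM must
    share an organizational domain with the From: header domain."""
    target = org_domain(from_domain(msg))
    passed = ([spf_pass_domain] if spf_pass_domain else []) + list(dkim_pass_domains)
    return any(org_domain(d) == target for d in passed)


def rewrite_from_for_list(msg, list_addr):
    """Sender rewriting: the list becomes the From: author and the
    original author is preserved in Reply-To:."""
    name, addr = parseaddr(msg["From"])
    out = copy.deepcopy(msg)
    del out["From"]
    del out["Reply-To"]
    out["From"] = formataddr((f"{name or addr} via list", list_addr))
    out["Reply-To"] = formataddr((name, addr))
    return out


def constructed_message():
    # Constructed sample input, not a real message.
    msg = EmailMessage()
    msg["From"] = "Alice Example <alice@sender.example>"
    msg["To"] = "discuss@lists.example"
    msg["Subject"] = "hello"
    msg.set_content("body text\n")
    return msg


original = constructed_message()
# Direct delivery: the sender's own SPF and DKIM pass and align.
direct_ok = dmarc_aligned(original, "sender.example", ["sender.example"])
# Via the list: a footer or subject tag breaks the sender's DKIM signature;
# only the list's envelope domain (SPF) and the list's own DKIM pass.
relayed_ok = dmarc_aligned(original, "mail.lists.example", ["lists.example"])
munged = rewrite_from_for_list(original, "discuss@lists.example")
munged_ok = dmarc_aligned(munged, "mail.lists.example", ["lists.example"])
```

The relayed copy fails alignment because nothing that still authenticates belongs to the author's domain; the rewritten copy aligns, at the cost of changing what recipients see in From:.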