-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
As a mail server administrator who has been forced to deploy DMARC to
combat spammers spoofing my domains in their emails, I have to say that
I rather resent the characterization of my choice to use DMARC to
enforce SPF and DKIM checks as me configuring my domain to not allow its
users to send emails to mailing lists.
Without DMARC, spammers would be able to send emails with fake From:
headers to make it appear as if the spam is coming from me - and,
actually, they do try according to the DMARC data I receive back from
Google - which negatively impacts my domain's ability to send legitimate
mail.
With all due respect, saying that "DMARC is not for providers of people
using mailing lists" strikes me as rather ignorant.
It's also worth noting that DMARC is itself only a way for email
providers to specify to recipients how strictly the already existing SPF
and DKIM checks should be applied, nothing more.
I, for one, think that even if it is suboptimal, changing the From:
header to the mailing list's address is the best solution and appreciate
the plan to do this. It will allow mail providers who have chosen to
secure their email delivery using DMARC to use these mailing lists, and
perhaps even allows the WMF to, in the future, adopt DMARC - we have
already seen on OTRS examples of spammers using fake
wikimedia.org From:
headers in spam emails, and wide DMARC deployment would have a
significant impact in reducing spam of this nature across the entire
Internet.
I think it's also worth noting that the very large Outages mailing list
<https://puck.nether.net/mailman/listinfo/outages>, which is popular
amongst network admins including myself, has changed the From: headers
of its emails to be via the mailing list as proposed here for as long as
I have been a member of the list.
In summary, I strongly feel that this is a relatively easy change that
is a major step in the right direction towards supporting an important
technology that will help combat spam across the entire Internet, and I
wholeheartedly support it.
- --
Sincerely,
Andrew "FastLizard4" Adams
<https://en.wikipedia.org/wiki/User:FastLizard4>
<https://fastlizard4.org>
<FastLizard4(a)gmail.com>
GPG Key ID: 0x221A627DD76E2616
On 7/25/2017 16:01, Platonides wrote:
:(
What will be the behavior when a final user presses reply to one of
those emails from the list?
Should a bofh enable the reject option, will the rejection message
properly explain that «they are sending an email to a public mailing
list and their domain is configured to not allow that, and should they
have any issue to complain to their email provider»?
Quite sad, but it's actually what everybody should be doing instead of
working around it by overwriting the author of the message with the
sender and clobbering the Reply-to (cf. rfc 5322 section 3.6.2).
(and leaving everyone else with badly emails)
Does it at least leave a pattern that allows a faithful reconstruction?
Could deliveries to the gmane archive be exempted?
There's a place for DMARC, but not for providers of people using mailing
lists.
Kind regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iQIcBAEBCAAGBQJZeBNlAAoJECIaYn3XbiYW1zgP/2l9BCJxmiXC4Oz7BdxNqbOz
zFyKVUjDLcGArdSEjZ1VLvoTRL2YLZscGHe2jqW2SQTv9UltZK5sxGQY1pkjtqFs
WjSoODtQdLaM0X7/OkddOqaYbyy7iS0onmfJr93u02wzn6gn7odYORBfFDcPJ7QQ
F5EKdMcUIgM+F1YRA7FwL3bkftbzHMuHLpiLBVqSTR0NI+5MMGAIoi4+hAKtGCzJ
UsBt/DmcRZrE1EQbfkUqcZyeTcKmrfkIt0sAeYYlc76e5uprmNBTB0cZp5uJ4GGY
d2JrEavXjLhyfMVXLsgFPEuSJDScz63es3CSqOr1Maj4gTlXpXAXOvVhKkMn/q1v
7qH1KetZSddgBRcylY33fe5pD2879J7BnYJol3CpijLm1D7NZPEkShGsOHjRAhf7
4otBmaLlfllGF7h0C2IiITnsO3Fu00olG3gnbolrshPtgPyqLJAkk6YxXBfsaWf9
/pM4Oa7h98YoKNZCZt4ZdESuxgba9k/LwT9quiEvAbMk9OCpAawILwdlH9DaUi8P
QzueH7zK+YmCf4ghXsnTzv7+0XdQLXh8qQj0sMvJ/1peWuDpW+H0NljF8EvvHyGK
yKpQtPEE6z9wO0oQz5agal/X90q0t9Vr0JqIXstxgrphQMsEWUdz5eBAmgdfLpXA
PDH9p5qcIPLa361BmAoy
=aIIk
-----END PGP SIGNATURE-----