On 23/06/12 04:11, Murray Kucherawy wrote:
> The problem has always been, and still is, the ability to identify
> forwarded mail or list traffic.  The minute you carve out an exception
> for those things, bad stuff will try to pose as those things, and
> there's very little to stop them from doing so.

If DMARC were able to consider RFC5321.MailFrom (at the sending domain
owner's option), then it could verify DKIM signatures by the listserver
when doing any whitelisting.

Or else a phisher who imitates a listserver must sign the fake
"forwarded" mail with a DKIM signature that ties it to a domain under
their control, which makes it more easily blacklisted.

> Moreover, are those streams (forwarded mail, stuff that goes through
> lists) really part of the threat model we're trying to address here?  I
> don't think they are.

Not directly, but I believe their existence forces a compromise that
weakens DMARC as a whole:  more senders must resort to p=none, and/or
receivers must give less weight to p=reject.  The reason I brought this
up :)

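The following is an added worked example, not code from the message above nor from any DMARC implementation. It models the standard DMARC identifier-alignment check (RFC5322.From must align with a passing SPF identifier or a verified DKIM d= domain) and, beside it, the hypothetical option the message argues for: the domain owner nominates forwarder domains, and a message whose RFC5321.MailFrom is one of them passes only if a DKIM signature verified under that same forwarder domain is present. The domain names, the `trusted_forwarders` field and the simplified organizational-domain rule (last two labels instead of a Public Suffix List lookup) are assumptions made for illustration; the message samples are constructed.

```python
"""DMARC-style alignment check plus a hypothetical trusted-forwarder option.

Added example; not from the original message or any DMARC implementation.
Inputs are constructed. org_domain() uses a two-label approximation instead
of the Public Suffix List (assumption for the example).
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List


@dataclass
class AuthResults:
    """Authentication results a receiver has for one message."""
    rfc5322_from: str        # domain of the From: header
    rfc5321_mailfrom: str    # domain of SMTP MAIL FROM (return-path)
    spf_result: str          # "pass" / "fail" / "none" for the MailFrom domain
    dkim_passed: List[str]   # d= domains whose signatures actually verified


@dataclass
class DmarcPolicy:
    p: str                   # "none" | "quarantine" | "reject"
    adkim: str = "r"         # "r" relaxed (org domain), "s" strict (exact)
    aspf: str = "r"
    # Hypothetical extension: forwarder/list domains the owner trusts.
    trusted_forwarders: FrozenSet[str] = field(default_factory=frozenset)


def org_domain(domain: str) -> str:
    """Approximate organizational domain: last two labels (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(a: str, b: str, mode: str) -> bool:
    """Strict: exact match. Relaxed: same organizational domain."""
    a, b = a.lower(), b.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_evaluate(ar: AuthResults, policy: DmarcPolicy) -> str:
    """Standard DMARC: From must align with passing SPF or verified DKIM."""
    spf_ok = ar.spf_result == "pass" and aligned(
        ar.rfc5322_from, ar.rfc5321_mailfrom, policy.aspf)
    dkim_ok = any(aligned(ar.rfc5322_from, d, policy.adkim)
                  for d in ar.dkim_passed)
    return "pass" if (spf_ok or dkim_ok) else "fail"


def dmarc_evaluate_with_forwarders(ar: AuthResults, policy: DmarcPolicy) -> str:
    """Hypothetical option from the message: if MailFrom is a whitelisted
    forwarder, accept only when a DKIM signature verified under that
    forwarder domain binds the message to it. A phisher who merely copies
    the forwarder's MailFrom cannot produce such a signature; whatever
    d= they can sign under points at a domain they control."""
    if dmarc_evaluate(ar, policy) == "pass":
        return "pass"
    mf = ar.rfc5321_mailfrom.lower()
    if mf in policy.trusted_forwarders and any(
            aligned(mf, d, policy.adkim) for d in ar.dkim_passed):
        return "pass"
    return "fail"


def disposition(result: str, policy: DmarcPolicy) -> str:
    """Map a DMARC result to the action the published policy requests."""
    if result == "pass":
        return "accept"
    return {"none": "accept", "quarantine": "quarantine",
            "reject": "reject"}[policy.p]


# Constructed sample policy and messages (all domains hypothetical).
POLICY = DmarcPolicy(p="reject",
                     trusted_forwarders=frozenset({"lists.example.org"}))

# Sent directly by the domain; SPF and the author's DKIM both align.
DIRECT = AuthResults("example.com", "example.com", "pass", ["example.com"])
# Relayed by a list: MailFrom rewritten, body modified so the author's
# signature broke, but the list signed with its own key.
VIA_LIST = AuthResults("example.com", "lists.example.org", "pass",
                       ["lists.example.org"])
# Phisher imitating the list: copies the list's MailFrom, but SPF fails
# and the only verifiable signature is under a domain they control.
PHISH = AuthResults("example.com", "lists.example.org", "fail",
                    ["attacker.example"])
# Same, with no valid signature at all.
PHISH_UNSIGNED = AuthResults("example.com", "lists.example.org", "fail", [])

if __name__ == "__main__":
    for name, ar in [("direct", DIRECT), ("via_list", VIA_LIST),
                     ("phish", PHISH), ("phish_unsigned", PHISH_UNSIGNED)]:
        std = dmarc_evaluate(ar, POLICY)
        ext = dmarc_evaluate_with_forwarders(ar, POLICY)
        print(f"{name:15} standard={std:4} -> {disposition(std, POLICY):10}"
              f" with-forwarders={ext:4} -> {disposition(ext, POLICY)}")
```

Under the standard check the legitimate list traffic fails alignment and, with p=reject, is rejected, which is the pressure toward p=none that the message describes. Under the forwarder option the list traffic passes because the list's own verified signature vouches for it, while the imitation still fails: the attacker can only sign under attacker.example, which is also the domain a receiver can then blacklist.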
