[dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

Al Iverson aiverson at spamresource.com
Sun Jun 8 08:50:51 PDT 2014


On Sun, Jun 8, 2014 at 12:13 AM, Dave Crocker <dhc at dcrocker.net> wrote:
> On 6/8/2014 1:26 AM, Al Iverson via dmarc-discuss wrote:
>> On Sat, Jun 7, 2014 at 12:44 PM, Dave Crocker via dmarc-discuss
>
>>> Keeping in mind that the mailing list scenario has always been
>>> legitimate use,
>>
>> SMTP relay was a legitimate use case (or at least was very loudly
>> claimed to be by those angry about relay blocking).
>
> Sorry, no.  Use by unauthorized users is not a legitimate use case.

I didn't say unauthorized.

> Again, closing relays carried an entirely adequate alternative via port
> 587 for authorized users.  No such equivalence is available when DMARC
> breaks mailing list use.

Not at first it didn't -- it looks like port 587 submission was
specified in RFC 2476 which was December 1998. The relay wars were
underway by then and it took some time to garner acceptance and
adoption.

>>> the concern is that we may be left with a long-term
>>> barrier to that use, with no attendant long-term benefit.
>>
>> I think there's a good chance that the barrier melts away in the long
>> term. Specifically, the mailing list usage barrier. Mailman, Yahoo
>> Groups, Google Groups, and various commercial providers have already
>> implemented changes to that end. I feel like a lot of the barrier has
>> melted away already.
>
> You seem to be confusing "work-around" with "equivalent function".  What
> we have is increasing use of work-arounds that defeat DMARC and train
> the community to accept mail the employs the work-around.  As such it
> eliminates long-term benefits of DMARC.

I don't know that I agree, but that was a helpful clarification of
your point and I appreciate it.

>> If I can keep my domain out of the from address of bad mail forever,
>> that's a long term benefit to me. How does that not sustain?
>
> An assertion like that focuses on a syntactic point, rather than a
> semantic one.
>
> I'll bet you don't actually care about the From address content, on its
> own, but that you really care about receivers thinking that mail is from
> you when it isn't.  I know I do.  That's the real and higher-level concern.

I guess it might be more accurate to say that I care about both. But I
can't speak for AOL and Yahoo.

> You believe that there haven't been explanations for the 'why' provided???

Yes, or more specifically that there's not been very much detail or
explanation, just lots of angry. So I decided to ask questions to try
to better understand.

Regards,
Al Iverson


More information about the dmarc-discuss mailing list