[dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

Al Iverson aiverson at spamresource.com
Sun Jun 8 08:50:51 PDT 2014

On Sun, Jun 8, 2014 at 12:13 AM, Dave Crocker <dhc at dcrocker.net> wrote:
> On 6/8/2014 1:26 AM, Al Iverson via dmarc-discuss wrote:
>> On Sat, Jun 7, 2014 at 12:44 PM, Dave Crocker via dmarc-discuss
>>> Keeping in mind that the mailing list scenario has always been
>>> legitimate use,
>> SMTP relay was a legitimate use case (or at least was very loudly
>> claimed to be by those angry about relay blocking).
> Sorry, no.  Use by unauthorized users is not a legitimate use case.

I didn't say unauthorized.

> Again, closing relays carried an entirely adequate alternative via port
> 587 for authorized users.  No such equivalence is available when DMARC
> breaks mailing list use.

Not at first it didn't -- it looks like port 587 submission was
specified in RFC 2476 which was December 1998. The relay wars were
underway by then and it took some time to garner acceptance and

>>> the concern is that we may be left with a long-term
>>> barrier to that use, with no attendant long-term benefit.
>> I think there's a good chance that the barrier melts away in the long
>> term. Specifically, the mailing list usage barrier. Mailman, Yahoo
>> Groups, Google Groups, and various commercial providers have already
>> implemented changes to that end. I feel like a lot of the barrier has
>> melted away already.
> You seem to be confusing "work-around" with "equivalent function".  What
> we have is increasing use of work-arounds that defeat DMARC and train
> the community to accept mail the employs the work-around.  As such it
> eliminates long-term benefits of DMARC.

I don't know that I agree, but that was a helpful clarification of
your point and I appreciate it.

>> If I can keep my domain out of the from address of bad mail forever,
>> that's a long term benefit to me. How does that not sustain?
> An assertion like that focuses on a syntactic point, rather than a
> semantic one.
> I'll bet you don't actually care about the From address content, on its
> own, but that you really care about receivers thinking that mail is from
> you when it isn't.  I know I do.  That's the real and higher-level concern.

I guess it might be more accurate to say that I care about both. But I
can't speak for AOL and Yahoo.

> You believe that there haven't been explanations for the 'why' provided???

Yes, or more specifically that there's not been very much detail or
explanation, just lots of angry. So I decided to ask questions to try
to better understand.

Al Iverson

More information about the dmarc-discuss mailing list