On Tue, May 6, 2014 at 5:30 PM, Terry Zink <[email protected]>wrote:
> > I remember this thread from a year ago and that it didn't get a lot of > support. I suppose an example record is the following: > > _dmarc.example.com "v=DMARC1; p=reject; pct=100; rua=...; ruf=...; l=yes" > > The idea is for mailing lists to avoid getting filtered by DMARC (since it > does spoof the From but legitimately) but it needs to be thought out > end-to-end. I have a couple of questions: > > 1. The tag value for l=no isn't required. This means "I don't participate > in mailing lists and therefore you should enforce my p=reject action." But > this is the same as l=dunno (empty) which is the same as today's behavior. > So, you would only need l=yes. > > 2. How would a receiver know that the email comes from a mailing list? > Would it just look for something like a List-Unsubscribe or List-Subscribe > header? Or something similar? > 2.5. How can you distinguish traffic that came from a mailing list from traffic that came from a spammer but disguised it to look like list traffic by doing one of the things Terry just listed? That one point is a showstopper for me. It's an issue that was discussed even going as far back as DKIM (or even its antecedent) and SPF. So far, there isn't an answer, which means "treat list traffic differently" becomes a very convenient and easy exploit against any system that allows for it. And it has nothing whatsoever to do with DMARC's "immutability". If there was a solution to this problem, DMARC, DKIM, SPF, and lots of other things would have adopted it already. -MSK
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
