Re: [dmarc-ietf] DMARC-Compliant Mailing Lists

Creating a DMARC record on your domain means (among other things) that you expect no email sent from your domain to be a contribution to mailing list discussions. Telling mailing list owners and mailing list software designers to violate RFC 5322 Internet message format's description of the From

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

they are deliberately different in many cases, e.g. one domain for mail from end users, another for mail sent by a vendor, yet another for another vendor. Why is dmarc different? -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology

Re: [dmarc-ietf] ARC questions

; > > And if you know which hosts are legit mailing lists or forwarders, you already know what ARC would tell you. -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Organizational domains, threat or menage, was On splitting documents and DBOUND

r domain to publish dmarc. The owner of the other domain may want to allow users in their domain to contribute to lists and groups without having their messages rejected, or mangled by well-intentioned workarounds. This is not simple. This is a real-world case with the domains ending columbia.e

Re: [dmarc-ietf] Organizational domains, threat or menage, was On splitting documents and DBOUND

niversities. The real email world is a complicated place. -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] DMARC as Signal to MLMs for Rewrites (or not)

draft-kucherawy-dkim-transform > [†] > https://tools.ietf.org/html/draft-levine-dkim-conditional-04#section-4.1 > > > > > > > > > > > > > > > > > > > > > > > > > ___

Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC

an authentication method diminishes its effectiveness. On Wed, Sep 16, 2020 at 10:46 AM Dotzero wrote: > > > > On Tue, Sep 15, 2020 at 12:02 PM Joseph Brennan wrote: >> >> >> >> On Tue, Sep 15, 2020 at 11:55 AM John Levine wrote: >>> >>> In a

Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC

On Tue, Sep 15, 2020 at 11:55 AM John Levine wrote: > In article bnk2_ckmn...@mail.gmail.com>, > Joseph Brennan wrote: > >"Domain administrators must not apply dmarc authentication to domains > >from which end users send mail that may be re-sent via lists or > >

Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC

; -- done. Then dmarc will be simple and reliable, and bank statements and similar messages are protected as intended. Building in a standard workaround significantly weakens the whole concept, doesn't it? -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

il from ordinary end users. Given that I think more sending systems would be willing to publish p=reject and more receiving systems would be willing to honor it. It won't be the end of spoofs, but it would reduce the disruption to people outside the DMARC club. --- Joseph Brennan _

Re: [dmarc-ietf] Fwd: New Version Notification for draft-crocker-dmarc-sender-01.txt

ling lists to work but sensitive data to be more protected than end-user mail. -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Why are MUAs hiding or removing the From address?

MD has a built-in function to replace the content of header fields, which I think is a milter function. -- Joseph Brennan Lead, Email and Systems Applications ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Why are MUAs hiding or removing the From address?

ift cards, and so on. > Briliant! I wish we were still using Mimedefang. This wouldn't be hard to code, and the results would be effective. -- Joseph Brennan Lead, Email and Systems Applications ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

it accepted. The opposite of the purpose of DMARC, isn't it? -- Joseph Brennan Lead, Email and Systems Applications ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

g, and it's because sheer deliverability of legitimate email is the priority. -- Joseph Brennan Lead, Email and Systems Applications ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Why are MUAs hiding or removing the From address?

5322 Sender header, even if it is in the peculiar "x on behalf of y" notation, which shows display name when there is one and address otherwise. But we are digressing into a proposal for an Internet Email Client standard. Joseph Brennan Le

Re: [dmarc-ietf] draft-crocker-dmarc-author-00

ld SHOULD NOT contain any mailbox that does not belong to the author(s) of the message." No better than where we are now, is it? -- Joseph Brennan Lead, Email and Systems Applications ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] DMARC Use of the RFC5322.Sender Header Field

field. Big win, for widespread acceptance, I would say. -- Joseph Brennan Lead, Email and Systems Applications ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc