[syslinux] DMARC test (request)
Gene Cumm
gene.cumm at gmail.com
Fri Jan 23 02:59:39 PST 2015
On Sun, Jan 18, 2015 at 11:11 AM, Patrick Masotta <masottaus at yahoo.com> wrote:
>> As per
>> prior discussions, the "From:" field should remain
>> with the
>> original sender. One (important)
>> reason is that frequent participants
>> in the
>> Syslinux Mailing List tend to use the "From:"
>> field, for
>> instance as search filter.
>
> Well I consider the search filter by subject is a much better approach,
> for participating on a conversation.
I prefer the option. There are times it's easier to use from as a
filter, sometimes with subject. GMail auto-completes these searches
pretty well.
> From a security point of view the logic says that the sender of an e-mail
> should not use other than its own e-address as sender; it is logic
> people out there (yahoo) not liking a service (list) that impersonates someone else.
The impression that I get is that the people who made DMARC either
voted down anyone that deals with mailing list traffic or made it with
zero regard for the existence of mailing lists.
>> Changing the behavior of the "Reply-To:"
>> field might or might not improve the current
>> situation.
>>
> If the list sends a properly crafted e-mail coming from its own address and domain
> why do you think would be a problem?
>
>> The problem (not
>> only for this mailing list) is based on a change in
>> Yahoo!'s policy, since around April 2014
>> (or so). This change has
>> specially affected
>> mailing lists. Although some email providers are
>> "better" dealing with Yahoo!'s
>> change, others have chosen to do nothing...
>
> We should stop for a sec and think if what yahoo did was good or not to fight
> spammers; I think it was good. A list that impersonates a sender is not a good approach.
Don't confuse spammers and spoofers. This is a critical distinction.
Both are commonly handled by "spam" filters. Not all spoofers are
spammers (mailing list traffic; people who try to send through a local
MTA due to network policies blocking their home MTA) and not all
spammers are spoofers (think malware or compromised password).
>> There is no easy solution.
>> Even if some Yahoo! users avoid using it for
>> mailing lists, there is always the chance
>> someone might still use it
>> (now or in the
>> future), so, like it or not, it is up to Mailman and
>> List Administrators to help solve/workaround
>> the problem.
>
> Sure; I think we should adapt to this new situation.
There's a philosophical issue here (though I'm having difficulty
conceiving a comparable analogy) that just because 1 party decides to
do something that breaks long standing practice that is effective for
the vast majority of people, everyone else looses.
http://www.lsoft.com/news/2014/dmarc-debacle-us.asp is an excellent
example of Yahoo! shooting _itself_ in the foot, breaking its products
for about one month and the "fix" causing yet more issues. In both
instances, Yahoo! caused additional confusion and frustration.
I can completely understand it for certain uses like vendor/customer
interactions, especially over a CRM (customer relations management)
solution. Also, I can completely understand MTA operators who have
chosen to reject all email from source domains where messages may get
relayed over a list and set "p=reject".
--
-Gene
More information about the Syslinux
mailing list