Back to connected lands...

On Wed 24/Aug/2016 02:19:35 +0200 Brandon Long wrote:
> On Tue, Aug 23, 2016 at 11:55 AM, Alessandro Vesely <ves...@tana.it> wrote:
>>>
>>>> Say A -> B -> C are the MTAs: [...]
>>>
>>> If your MTA is too small to use combinatorial trust assessments, then you
>>> are stuck with the same two options you have today: manual whitelists or
>>> using a service to give you that information.
>>
>> A two-step heuristic to determine trusted MLMs consists of (1) collect
>> domain names from received List-Post: header fields matching <mailto:*@*.*>,
>> and authenticated (via SPF, DKIM, or DNSWL), and then (2) from the domains
>> collected that way, select those that my users write to. _Small domains_
>> --by definition, for the scope of this discussion-- have no anonymous users.
>>
>> That heuristic keeps failing until a subscribed user actually posts to a
>> MLM. Skipping step (2) makes it an obvious attack path, but whitelisting
>> can mitigate it a bit.
>
> If you were actually seeing 20-30 whitelistable mailing list domains a
> day, I think you might get >90% of them in a couple months.

20-30 was the total number, it would take me even less time to do manual
whitelisting. Fact is I'd feel like wasting my time while providing a fuzzy
service to my few users that way.

> Ok, that's not true, Google Apps allows domains to have mailing lists, but
> that's probably the bulk of them... but they'll all be ARC signed by the
> same provider (google.com). O365 may also have a ton, but again, probably
> whitelistable as a single entity.

Thanks for the insight.

>>>> [...] The concept is weak signatures. [...]
>>>
>>> So, any message sent from A to B can then be used as a replay with any
>>> content to any party as long as the To/Cc are intact? That seems pretty
>>> useless.
>>>
>>
>> Yes, B can send whatever they like using your name@A. That's how
>> weak signatures work. [...] regular domains may want to weak-sign
>> only the copy of a message addressed to a trusted MLM.
>>
>> I'd put weak signatures when I play A. That way I'd complement the above
>> technique, trusted MLMs whitelisting, which I'd use when I play C.
>
> But you're still whitelisting MLMs in C, or even possibly in A in this
> scenario.

Yup, in A it works from the first time.

>> If I were clever, I would list all possible statuses of A, B, and C (such
>> as complying with DKIM, DMARC and ARC, applying or recognizing weak
>> signatures, being aware of either DKIM v=2 or the new header field, et
>> cetera) along with the relative probabilities that they are implemented at
>> various stages in time, and then compute the chances that C can pass/reject
>> correctly in the two cases of B being white or black, at each stage. I
>> reckon there are cases of A unknown to C, perhaps because either is small,
>> where some mixes of the above techniques would save the day, thereby
>> encouraging more small domains to publish strict DMARC policies, don't you
>> think?
>
> I'm not sure if that's a goal.

I agree it is not a goal to have more strict DMARC policies, not in the
sense of the quest for SPF -all a dozen years ago. However, I'd regard
widespread adoption of non-test policies as a success indicator of DMARC.
Personally, mailing list is what prevents me from such policy shift, but
other local providers don't even DKIM sign...

Ale

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
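
The two-step heuristic quoted in the message above, sketched as an added example that is not part of the original thread or any poster's code. It assumes the receiving MTA stamps an Authentication-Results header under its own authserv-id (`AUTHSERV_ID` and every domain below are constructed), and it covers SPF and DKIM only, leaving DNSWL out.

```python
import re
from email import message_from_string
from email.utils import getaddresses

AUTHSERV_ID = "mx.small.example"  # assumed id our own MTA stamps (constructed)
# The <mailto:*@*.*> shape from the post; captures the domain part.
LIST_POST = re.compile(r"<mailto:[^@<>\s]+@([^@<>\s?]+\.[^@<>\s?]+)>", re.I)
# Domain vouched for by an SPF pass (smtp.mailfrom) or a DKIM pass (header.d).
AUTH_PASS = re.compile(r"\b(?:spf=pass\b[^;]*?\bsmtp\.mailfrom=(?:[^\s;@]*@)?"
                       r"|dkim=pass\b[^;]*?\bheader\.d=)([^\s;]+)", re.I)

def authenticated_domains(msg):
    """Domains with a pass result, read only from our own MTA's headers."""
    out = set()
    for ar in msg.get_all("Authentication-Results", []):
        if ar.split(";", 1)[0].strip().lower() == AUTHSERV_ID:
            out |= {d.lower() for d in AUTH_PASS.findall(ar)}
    return out

def candidate_mlm_domains(inbound):
    """Step 1: List-Post domains covered by an authenticated domain."""
    found = set()
    for msg in map(message_from_string, inbound):
        m = LIST_POST.search(msg.get("List-Post", ""))
        dom = m.group(1).lower() if m else ""
        auth = authenticated_domains(msg)
        if dom and any(dom == a or dom.endswith("." + a) for a in auth):
            found.add(dom)
    return found

def trusted_mlm_domains(inbound, outbound):
    """Step 2: keep only the candidates that local users have written to."""
    written_to = set()
    for msg in map(message_from_string, outbound):
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        written_to |= {a.rpartition("@")[2].lower() for _, a in rcpts if "@" in a}
    return candidate_mlm_domains(inbound) & written_to

# Constructed sample mail (not taken from the thread).
INBOUND = [
    "List-Post: <mailto:dmarc@lists.example.org>\nAuthentication-Results: "
    "mx.small.example; dkim=pass header.d=example.org\n\nlist traffic\n",
    "List-Post: <mailto:promo@bulk.example.com>\nAuthentication-Results: "
    "mx.small.example; spf=pass smtp.mailfrom=bounce@bulk.example.com\n\nbulk\n",
    "List-Post: <mailto:x@forged.example.net>\nAuthentication-Results: "
    "mx.other.example; dkim=pass header.d=forged.example.net\n\nnot our header\n",
]
OUTBOUND = ["To: dmarc@lists.example.org\nCc: x@forged.example.net\n\na post\n"]
```

With the sample mail, step (1) alone admits `bulk.example.com`, the list nobody subscribed to; step (2) removes it, and with no outbound mail yet the result is empty, matching the "keeps failing until a subscribed user actually posts" remark.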