On Sun, Mar 31, 2024 at 6:37 PM Seth Blank <seth= 40valimail....@dmarc.ietf.org> wrote:
> "It is therefore critical that domains that host users who might post > messages to mailing lists SHOULD NOT publish p=reject." > > [...] > > More accurate language that alleviates the concern would be "It is > therefore critical that domains that host users who wish for their messages > to be modified and spoofed by downstream intermediaries, such as alumni > forwarders or mailing lists, SHOULD NOT publish p=reject. Such spoofed > messages may still be rejected, regardless of a domain owner's published > DMARC policy." > I must be missing something as this to me reads as a difference without a distinction. That's probably because I assume that the set of mailing lists that modify messages is a very large subset of all mailing lists, but they are a priori indistinguishable. Put another way: As a domain owner with users that may or may not choose to participate in mailing lists, I don't know what I would do with the added text. It seems to be telling me to get to know the configurations of the lists to which my users might want to subscribe. If I have only a handful of users, that's possibly manageable. If I'm Gmail-sized, not so much. When it comes to the Charter, the document is supposed to articulate how to > address indirect mail flow, and this would be the place. Therefore, I > believe it is also worthwhile in this section to reference both ARC, as > well as other mechanisms that such breaking intermediaries that create new > messages (and therefore spoof the sender) could undertake, such as From > rewriting to properly claim ownership of the message, or not making changes > to the message that invalidate DKIM. > If ARC is intended to be part or all of the answer to how the list problem is solved, and evidence exists that it does mitigate the damage, then I think that's a strong argument for saying so in the document. Do we have such interoperability experience, especially with respect to lists? -MSK, p11g
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
