On 9/16/22 4:32 PM, John Levine via mailop wrote:
> Yeah, that's the lousy workaround most people use to avoid DMARC breakage.

I want to be crystal clear. I do not believe the messages being /from the mailing list/ to be a hack of any kind. Rather, I believe that it is a first class solution and that what has oft been done for the last 30 years is a cheat which is well past its best-by date.

I am exchanging messages with the mailing list. It just so happens that the mailing list manager generates new messages with content substantively from messages that it receives.

In some ways, you could compare what I'm advocating for to be akin to an application layer proxy receiving incoming email and generating multiple outgoing emails. Conversely, most mailing lists are akin to (duplicating) NAT.

> For thirty years we all used mailing lists that didn't mess with the author's name or address, so you could easily reply either to the authors or the list.

There are many things through history that are considered questionable at best or out-and-out taboo. Smoking on planes, dumping sewage into the street, and many more. Just because we have always done it that way is never a sufficient reason to continue doing something that way.

> (and please don't mansplain to me what Reply-To does.)

I won't. But I will say that I think that the way most mailing lists use Reply-To is broken.

> That stopped working when AOL and Yahoo repurposed DMARC to outsource the support costs of incoming spam due to their own security failures.

> Now I see it's been long enough that people are forgetting that this hack is a hack, and why nobody did it until events forced them to.

I don't think that it's a hack. I think it's a failed attempt to treat the mailing list as a first class netizen.

Consider, if you will, for 30 seconds the following:

- The mailing list /is/ the (1st class) endpoint that you are communicating with.
- The mailing list is effectively its own (sub)domain; listname.example.net.
- When you send / post messages to the mailing list; p...@listname.example.net, your messages are received, re-generated, and re-sent, in duplicate, as being from y...@listname.example.net to each recipient's preferred address.
- People can reply to the list; p...@listname.example.net, or directly to you; y...@listname.example.net. It's their choice. They have all the data they need to complete either choice.
- The fact that messages come from y...@listname.example.net means that your real email address is not made public by the mailing list.
- The list can act as an intermediary for spam to y...@listname.example.net and do a number of different things with it:
  - reject it if it's not from a current (or possibly former) list member.
  - queue it and send you a notification that there are queued messages for you to preview / release / reject / drop on the floor.

In summary, promoting the mailing list to, and treating it as, a first class netizen has many advantages and seems to me to address most, if not all, of the complaints that I've seen with mailing lists and contemporary email / spam / virus filtering.

So what you are referring to as a hack and going too far, I consider to be an incomplete implementation that doesn't go far enough.

- No SPF problems with messages with an SMTP envelope originating from listname.example.net.
- No DKIM issues with messages originating from pos...@listname.example.net.
  -- The only DKIM headers in the outgoing message are new for the new outgoing message.
- No DMARC issues with messages originating from pos...@listname.example.net because SPF and DKIM are happy.
- People have a valid email address to send messages to each other, via y...@listname.example.net and m...@listname.example.net.
- No need for Reply-To: hacks because the From: /is/ an address that the listname.example.net MX is responsible for.
- No privacy issues introduced by the mailing list because it is the 1st class netizen that everybody communicates with.

If you think this idea is crazy, I suggest that you take a good look at how Craigslist email works for contacting sellers. In short, you will find a unique email address at Craigslist that is a 1st class netizen. Craigslist then sends a new message, substantively based on your email to them, to the seller while sending the message as a different unique email address at Craigslist that (at least temporarily) routes back to you. -- Go look. Try it out. I think you will find that it works quite well without exposing any of your information.

Consider treating a mailing list as the 1st class netizen that it is. Proxy the email at the application (RFC 822 internet text message) layer and stop NATing it at the network (RFC 821 SMTP) layer.

--
Grant. . . .
unix || die


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
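The message above describes the list as an application-layer proxy: each post is received, regenerated as a brand-new message from a member alias under the list's own domain, and re-sent, with the alias routing private replies back to the member only from current list members. The following is an added example (Python, standard library only) that is not code from the original post, from Grant, or from any list manager; it implements that flow in a toy `ListProxy`. The domain `listname.example.net`, the `post@` and `bounces@` addresses (standing in for the truncated `p...@` and `pos...@` addresses in the post), the member addresses, the alias scheme (an HMAC of the real address) and the sample messages are all constructed assumptions. Signing the outgoing messages with the list's own DKIM key is left to the outbound MTA and is not shown.

```python
"""Added example, not from the original mailop post: a toy application-layer
mailing-list proxy. Every outgoing mail is a *new* message whose From: and
SMTP envelope sender live under the list's own domain, so SPF, DKIM (signed by
the list's key in the outbound MTA, outside this example) and DMARC align on
the list rather than on the author's domain."""
from email.message import EmailMessage
from email.utils import formataddr, make_msgid, parseaddr
import hashlib
import hmac

LIST_DOMAIN = "listname.example.net"        # assumption: the list's own (sub)domain
POST_ADDRESS = "post@" + LIST_DOMAIN         # assumption, stands in for p...@listname.example.net
BOUNCE_ADDRESS = "bounces@" + LIST_DOMAIN    # envelope sender for everything the list emits
ALIAS_KEY = b"constructed-demo-key"          # constructed; a real deployment keeps this secret


class ListProxy:
    def __init__(self, members):
        self.members = {m.lower() for m in members}
        self.alias_to_member = {}            # y...@listname.example.net -> real address

    def alias_for(self, real_addr):
        """Stable per-member alias; an HMAC so outsiders cannot derive it from the real address."""
        real_addr = real_addr.lower()
        tag = hmac.new(ALIAS_KEY, real_addr.encode(), hashlib.sha256).hexdigest()[:16]
        alias = f"{tag}@{LIST_DOMAIN}"
        self.alias_to_member[alias] = real_addr
        return alias

    def _new_message(self, orig, from_name, from_addr, to_addr):
        """Build a fresh message carrying the original's content. Nothing from the
        inbound header block is copied except what threading needs, so the author's
        DKIM-Signature, Received: trail and real address never reach recipients."""
        new = EmailMessage()
        new["From"] = formataddr((from_name, from_addr))
        new["To"] = to_addr
        new["Subject"] = orig["Subject"] or ""
        new["Message-ID"] = make_msgid(domain=LIST_DOMAIN)
        if orig["Message-ID"]:
            new["References"] = orig["Message-ID"]
        body = orig.get_body(preferencelist=("plain",))
        new.set_content(body.get_content() if body is not None else "")
        return new

    def regenerate_post(self, orig):
        """Inbound post -> (envelope_sender, [(recipient, new_message), ...]).
        Posts from non-members are refused outright."""
        name, author = parseaddr(orig["From"])
        author = author.lower()
        if author not in self.members:
            raise PermissionError(f"{author} is not a list member")
        alias = self.alias_for(author)
        copies = []
        for rcpt in sorted(self.members):
            new = self._new_message(orig, name, alias, POST_ADDRESS)
            new["List-Id"] = f"<{LIST_DOMAIN}>"
            new["List-Post"] = f"<mailto:{POST_ADDRESS}>"
            copies.append((rcpt, new))
        return BOUNCE_ADDRESS, copies

    def relay_private(self, orig, rcpt_alias):
        """Mail to a member alias -> (envelope_sender, (real_recipient, new_message)).
        Only current members may reach a member through the alias; anyone else is
        rejected, so the alias never leaks or exposes the real address to spam."""
        real_rcpt = self.alias_to_member.get(rcpt_alias.lower())
        if real_rcpt is None:
            raise LookupError("unknown alias")
        name, sender = parseaddr(orig["From"])
        if sender.lower() not in self.members:
            raise PermissionError(f"{sender} is not a list member")
        new = self._new_message(orig, name, self.alias_for(sender), rcpt_alias)
        return BOUNCE_ADDRESS, (real_rcpt, new)


def constructed_message(from_hdr, to_addr, subject, body):
    """Constructed sample input (not real mail) as the list MX would receive it."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = to_addr
    m["Subject"] = subject
    m.set_content(body)
    return m


def constructed_post():
    """A constructed inbound post from a member, carrying the author's own DKIM signature."""
    m = constructed_message("Alice Author <alice@example.org>", POST_ADDRESS,
                            "Treating the list as the endpoint",
                            "The list should be a first-class endpoint.")
    m["Message-ID"] = "<orig-123@example.org>"
    m["DKIM-Signature"] = "v=1; a=rsa-sha256; d=example.org; s=sel; bh=...; b=..."  # constructed
    return m


if __name__ == "__main__":
    proxy = ListProxy(["alice@example.org", "bob@example.com"])
    envelope, copies = proxy.regenerate_post(constructed_post())
    for rcpt, msg in copies:
        print(rcpt, "<-", msg["From"], "| envelope", envelope,
              "| author DKIM copied:", "DKIM-Signature" in msg)
```

Running the block shows each member receiving a copy whose From: and envelope sender are under listname.example.net and which carries none of the author's DKIM-Signature; `relay_private` is the reverse path, and rejects any sender who is not a current member before the real address is ever used.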
