Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-07-11 Thread Douglas E. Foster
Rewriting the Message To seems to have no characteristics that are likely to 
cause messages to be blocked as not trustworthy.

This approach will not be detected as anomalous by an incoming gateway.   
Messages to BCC recipients and messages to non-modifying distribution lists are 
already received with the message From address being different from the SMTP 
RCPT address.

Since a user knows that a received message is for himself, a message that 
reports "To" as someone other than himself may cause minor confusion, but is 
not likely to cause significant misunderstanding..

In sum, no one seems to be concerned about the integrity of the "To" header 
currently, and there is no obvious reason why we would expect this to change in 
the future.

For mailing lists that are insist on editing submissions, changing SMTP MAIL 
FROM and Message From into the list domain, and the Message To into the author 
domain, will solve the sender authentication problems created by doing so.   
Just as importantly, it requires no special pleading to participant domain 
administrators.

DF




From: jesse.thompson=40wisc@dmarc.ietf.org
Sent: 7/10/20 6:22 PM
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers
On 6/29/20 4:18 AM, Alessandro Vesely wrote:
> Hi all,
>
> I mentioned setting To: author instead of From: author-like, near the bottom 
> of a message[*] a week ago, but missed any WG comments on it. That setting 
> would result if I run a mailing list "by hand", using a normal email client. 
> I'd hit reply and then add a bunch of Bcc:'s. Of course, a suitable template 
> would insert a subject tag instead of "Re:", et cetera.
>
> It'd be a cleaner solution than From: rewriting, inasmuch as it saves the 
> association between display names and addresses, for the sake of address 
> books consistency. The anomaly of seeing authors in To: fields, with some 
> getting used to it, may even become a distinguished characteristic of 
> indirect mail flows.
>
> How unbearable would that be? And why? Maybe some comments on this subject 
> can bring out some more details about the rightness or wrongness of the 
> various flavors of From: rewriting.

If nothing else changes; as in: MLMs have to keep promoting the use of From 
munging to their list operators, then I think it would be useful for these MLM 
to also offer (and perhaps default-to-ON if it works well in practice) your 
idea of replacing the To with the author during the munging process.

It would increase the odds that the author will be added to the recipient's 
address book, either manually, or via auto-collection by MUAs when they 
Reply-all (I believe that most MUAs will include the To in the recipient list 
if it differs from the user's own address)

Recipients (and individual list operators) may still complain about the From 
munging, but I like your line of reasoning of getting people used to 
"distinguished characteristic of indirect mail flows".

Recipients will still be saddled with "author via listname" polluting their 
address books (via address auto-collection). This idea doesn't solve that 
problem.

Jesse

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-07-11 Thread Alessandro Vesely

On Sat 11/Jul/2020 00:22:16 +0200 Jesse Thompson wrote:

On 6/29/20 4:18 AM, Alessandro Vesely wrote:

Hi all,

I mentioned setting To: author instead of From: author-like, near the bottom of a message[*] a week 
ago, but missed any WG comments on it.  That setting would result if I run a mailing list "by 
hand", using a normal email client.  I'd hit reply and then add a bunch of Bcc:'s.  Of course, 
a suitable template would insert a subject tag instead of "Re:", et cetera.


Recipients will still be saddled with "author via listname" polluting their 
address books (via address auto-collection).  This idea doesn't solve that problem.



If the author is in To:, both name and address, rather than a munged field we'd 
have something like From: Mailing List ID 



Best
Ale
--












___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-07-10 Thread Jesse Thompson
On 6/29/20 4:18 AM, Alessandro Vesely wrote:
> Hi all,
> 
> I mentioned setting To: author instead of From: author-like, near the bottom 
> of a message[*] a week ago, but missed any WG comments on it.  That setting 
> would result if I run a mailing list "by hand", using a normal email client.  
> I'd hit reply and then add a bunch of Bcc:'s.  Of course, a suitable template 
> would insert a subject tag instead of "Re:", et cetera.
> 
> It'd be a cleaner solution than From: rewriting, inasmuch as it saves the 
> association between display names and addresses, for the sake of address 
> books consistency.  The anomaly of seeing authors in To: fields, with some 
> getting used to it, may even become a distinguished characteristic of 
> indirect mail flows.
> 
> How unbearable would that be?  And why?  Maybe some comments on this subject 
> can bring out some more details about the rightness or wrongness of the 
> various flavors of From: rewriting.

If nothing else changes; as in: MLMs have to keep promoting the use of From 
munging to their list operators, then I think it would be useful for these MLM 
to also offer (and perhaps default-to-ON if it works well in practice) your 
idea of replacing the To with the author during the munging process.

It would increase the odds that the author will be added to the recipient's 
address book, either manually, or via auto-collection by MUAs when they 
Reply-all (I believe that most MUAs will include the To in the recipient list 
if it differs from the user's own address)

Recipients (and individual list operators) may still complain about the From 
munging, but I like your line of reasoning of getting people used to 
"distinguished characteristic of indirect mail flows".  

Recipients will still be saddled with "author via listname" polluting their 
address books (via address auto-collection).  This idea doesn't solve that 
problem.

Jesse

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-06-30 Thread Doug Foster
You were partially right.   Outlook allows me to pick columns, but I forgot
that the feature was available.  

 I don't see the feature on two web MUAs or two phone MUAs that I checked.

Doug Foster


-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Alessandro Vesely
Sent: Tuesday, June 30, 2020 4:52 AM
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

On Mon 29/Jun/2020 15:01:07 +0200 Doug Foster wrote:
> Very creative suggestion.   We need some new ideas.
> 
> However, I just checked my MUAs.   All of them assume that "To" is
> unimportant, so it is not displayed in the message list.   "To" only
appears
> in the message view (including the Preview pane).Without more
> visibility, it probably does not sufficiently solve the user interface
need.
> Which also suggests why I have not seen spammers try to manipulate 
> that field.


Can't you select what fields to display in the folder view?

The Sent folder must look boring if it only displays From:.

How about catchall folders?  Hm...  I though all email clients featured
customizable views nowadays.


Thank you for replying
Ale
-- 





















___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc



___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-06-30 Thread Hector Santos

On 6/29/2020 9:01 AM, Doug Foster wrote:

Very creative suggestion.   We need some new ideas.

However, I just checked my MUAs.   All of them assume that "To" is
unimportant, so it is not displayed in the message list.   "To" only appears
in the message view (including the Preview pane).Without more
visibility, it probably does not sufficiently solve the user interface need.
Which also suggests why I have not seen spammers try to manipulate that
field.


I have designed all my MUAs and I presumed all the 3rd party MUAs do 
something similar with a "Message List" view (MLV).


Imeo, this would be one part of a "Recommended MUA Guide" to help 
maximize user viewing security.


First, we have a limited space in what columns to show in a MLV.  In 
TUI (Text User Interface) display, you can correctly assume it will at 
least 80 columns and optionally offer extended 132 columns is 
supported by the terminal.  With GUI, there is more flexibility.


Second, it is not that "To: is unimportant, the mail is mostly likely 
targeted directly to you or to All for groupware environments, i.e. a 
mailing list, NNTP newsgroups, local public or private 
conferences/fora. The designer(s) can choose not to include a "To:" 
column, or decide it is off by default. For GUI, the better ones will 
offer a right click of the MLV table header or via some View Option to 
manage the viewable MLV columns.


Third, our MUA, among others, offer this MLV as a quick way to tag 
multiple messages to mark/unmark as read, delete, move, etc, and also 
sort by column field(s).


Forth, our MUA, among others, also shows a Thread view which is 
"Tree-View" display generated as a function of the Message-ID and 
References: fields.


There are other display views for a MLV, for example, our MUA offers a 
TOPIC view which is basically a thread view linked by the subject and 
date fields or a flat table view with sorted subject/date columns.  It 
helps with the problem where a segment of a thread view is broken by a 
"reply" not having a references id.


This illustrate the multiple TUI/GUI design considerations, allow me 
to summaries what I have to deal with:


For a TUI view, the MLV is showing:

{Mail.Number}
{Mail.From}
{Mail.To}
{Mail.Subject}

and just to show you how limitations under 80 columns and 25 rows 
standard terminal display:


Conference 0 - E-Mail (Internet & Local)
[ 1] Msg:63210 Fm:ANTONIO RICOTo:HECTOR SANTOS   Sb:github wcsdk
[ 2] Msg:49893 Fm:secur...@bbt.no To:HECTOR SANTOS   Sb:BB&T SECURITY 
SERVICES
[ 3] Msg:49894 Fm:list-wildcat-be To:HECTOR SANTOS   Sb:Re: 
[list-wildcat-beta]
[ 4] Msg:49895 Fm:CNNEarningEdito To:HECTOR SANTOS   Sb:Double Your 
Income... I
[ 5] Msg:49896 Fm:list-wildcat-be To:HECTOR SANTOS   Sb:Re: 
[list-wildcat-beta]
[ 6] Msg:49897 Fm:list-wildcat-be To:HECTOR SANTOS   Sb:RE: 
[list-wildcat-beta]
[ 7] Msg:49898 Fm:list-wildcat-be To:HECTOR SANTOS 
Sb:[list-wildcat-beta] RE:
[ 8] Msg:49899 Fm:list-wildcat-be To:HECTOR SANTOS   Sb:RE: 
[list-wildcat-beta]
[ 9] Msg:49900 Fm:ProjectMgmtTrai To:HECTOR SANTOS   Sb:Project 
Management Trai
[10] Msg:49901 Fm:list-wildcat-be To:HECTOR SANTOS   Sb:Re: 
[list-wildcat-beta]

[11] Msg:49902 Fm:Developers@wins To:HECTOR SANTOS   Sb:[Developers] pxw
[12] Msg:49903 Fm:mrsshirlevine20 To:HECTOR SANTOS   Sb:Donation of 
Mrs. Shirle
[13] Msg:49904 Fm:mrsshirlevine20 To:HECTOR SANTOS   Sb:Donation of 
Mrs. Shirle
[14] Msg:49905 Fm:list-wildcat-be To:HECTOR SANTOS   Sb:RE: 
[list-wildcat-beta]
[15] Msg:49906 Fm:morris.cooper@l To:HECTOR SANTOS   Sb:Indebted for 
driving on

[16] Msg:49907 Fm:group.consultin To:HECTOR SANTOS   Sb:MUTUAL OFFER
[17] Msg:49908 Fm:ad428352916@for To:HECTOR SANTOS   Sb:Fwd: For Sale 
by Owner

[18] Msg:49909 Fm:easyhrsoftware@ To:HECTOR SANTOS   Sb:HR Software
[19] Msg:49910 Fm:sa...@toyska.co To:HECTOR SANTOS   Sb:Canada Goose - 
The Ulti
[20] Msg:49911 Fm:ad428352916@gin To:HECTOR SANTOS   Sb:Reply: Plus 
size fashio
[21] Msg:49912 Fm:incoming@interf To:HECTOR SANTOS   Sb:You have new 
fax, docum
[22] Msg:49913 Fm:FreedomGenerato To:HECTOR SANTOS   Sb:Power 
Companies Caught

[R]ead, [M]ark, [C]ontinue, [N]onstop, [Q]uit? []

yes, mucho spam!

Wit limited screen dimensions, you end up with truncated field 
displays.  That was the original display we had for TUI.  Based on our 
discussions, I will pencil in a change consideration to not show the 
To: which will extend the FM:. I could put the date here too.  But 
again, we are limited.


For a Native GUI View, it borrowed similar to Windows Explorer display 
views. The default columns are:


{mail.subject}
{mail.From}
{mail.to}
{mail.date}

For the HTML GUI view, the backend renders the following default columns:

Msg#
Date:
From:Subject:
To:
Replies (count)

So it is one 1 table row with a message item displayed like so:

++
|{mail.number}| {mail.from} | {mail.to} | {mail.References.count}|
|  

Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-06-30 Thread Alessandro Vesely

On Mon 29/Jun/2020 15:01:07 +0200 Doug Foster wrote:

Very creative suggestion.   We need some new ideas.

However, I just checked my MUAs.   All of them assume that "To" is
unimportant, so it is not displayed in the message list.   "To" only appears
in the message view (including the Preview pane).Without more
visibility, it probably does not sufficiently solve the user interface need.
Which also suggests why I have not seen spammers try to manipulate that
field.



Can't you select what fields to display in the folder view?

The Sent folder must look boring if it only displays From:.

How about catchall folders?  Hm...  I though all email clients featured 
customizable views nowadays.



Thank you for replying
Ale
--





















___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-06-29 Thread Doug Foster
Very creative suggestion.   We need some new ideas.

However, I just checked my MUAs.   All of them assume that "To" is
unimportant, so it is not displayed in the message list.   "To" only appears
in the message view (including the Preview pane).Without more
visibility, it probably does not sufficiently solve the user interface need.
Which also suggests why I have not seen spammers try to manipulate that
field.

Doug Foster

-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Alessandro Vesely
Sent: Monday, June 29, 2020 5:19 AM
To: dmarc-ietf
Subject: [dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

Hi all,

I mentioned setting To: author instead of From: author-like, near the bottom
of a message[*] a week ago, but missed any WG comments on it.  That setting
would result if I run a mailing list "by hand", using a normal email client.
I'd hit reply and then add a bunch of Bcc:'s.  Of course, a suitable
template would insert a subject tag instead of "Re:", et cetera.

It'd be a cleaner solution than From: rewriting, inasmuch as it saves the
association between display names and addresses, for the sake of address
books consistency.  The anomaly of seeing authors in To: fields, with some
getting used to it, may even become a distinguished characteristic of
indirect mail flows.

How unbearable would that be?  And why?  Maybe some comments on this subject
can bring out some more details about the rightness or wrongness of the
various flavors of From: rewriting.


Best
Ale
-- 

[*] https://mailarchive.ietf.org/arch/msg/dmarc/Mi6jz1SfgOnz7JjPUemkpJvFQ_w





























___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc



___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


[dmarc-ietf] Setting From: MLM, To: author, Bcc: subscribers

2020-06-29 Thread Alessandro Vesely
Hi all,

I mentioned setting To: author instead of From: author-like, near the bottom of 
a message[*] a week ago, but missed any WG comments on it.  That setting would 
result if I run a mailing list "by hand", using a normal email client.  I'd hit 
reply and then add a bunch of Bcc:'s.  Of course, a suitable template would 
insert a subject tag instead of "Re:", et cetera.

It'd be a cleaner solution than From: rewriting, inasmuch as it saves the 
association between display names and addresses, for the sake of address books 
consistency.  The anomaly of seeing authors in To: fields, with some getting 
used to it, may even become a distinguished characteristic of indirect mail 
flows.

How unbearable would that be?  And why?  Maybe some comments on this subject 
can bring out some more details about the rightness or wrongness of the various 
flavors of From: rewriting.


Best
Ale
-- 

[*] https://mailarchive.ietf.org/arch/msg/dmarc/Mi6jz1SfgOnz7JjPUemkpJvFQ_w





























___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc