[Bcc'ing dmarc, but directed to ietf-822, since that's where we appear
to be having the discussion for the moment.]
These ideas about mailing lists have been rattling around in my head
these past couple of days, and they're based on a bunch of design
assumptions. So I figured I'd post my list of assumptions and see if
anybody thought any of them were off in space.
1. The mailing list itself is going to have to participate in this in
some way. There's no point in trying to design something for mailing
lists that simply will not make any modifications.
2. In the end, we want mailing lists to be able to send messages that
say "From: u...@originatingdomain.example.com" and not have to say
"From: l...@listdomain.example.net".
3. If an originator sends mail to a mailing list, the originator is
implicitly giving permission for the list to re-distribute the message
"From:" the originator.
4. If an originating site allows its users sending mail to mailing lists
at all, the site is OK with *any* mailing list re-distributing mail from
its users. so long as the mailing list received the mail directly from
the originating user through the originating site. That is, originating
sites don't care about pre-vetting mailing lists; they just care that
the mail sent by mailing lists came directly from their users.
5. For a recipient of mailing list mail, their site cares about whether
the message they got came directly from the mailing list site, cares
that the mailing list got the mail directly from the originating user's
site, and cares that the mailing list got the mail relatively recently.
For the most part, the recipient's site doesn't care how much has
changed about the content of the message. The eventual recipient might
care if the changes are in the extreme, but from a "is this spoofed
spam" perspective, that really doesn't matter.
6. The mailing list cares about whether it got the message directly from
the originating user's site.
7. An originating site would be willing to query (through a DNS lookup
or otherwise) the first hop recipient for any message and stick
something in the message that indicates, "This message came from
originating user's site and was sent to recipient at such-and-so time",
in order to facilitate #4 and #5.
8. The mechanism we use might need to chain: If I send to a mailing list
A, which itself sends to another mailing list B, the eventual recipient
will be able to see that the message it got came directly from B, which
it got from A, which it got from me.
Anything I screwed up there? Any assumption I'm missing?
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc