OT: Re: Younger generations preferring social media(esque) interactions.

Michael Thomas mike at mtcc.com
Tue Mar 23 22:16:31 UTC 2021


On 3/23/21 2:55 PM, Grant Taylor via NANOG wrote:
> On 3/23/21 1:40 PM, Michael Thomas wrote:
>> The big problem with mailing lists is that they screw up security by 
>> changing the subject/body and breaking DKIM signatures.
>
> What you are describing is a capability, configuration, execution 
> issue with the mailing list manager software.
>
> Said another way, what you are describing is *NOT* a problem with the 
> concept of mailing lists.
>
> MLMs can easily receive messages -- after their MTA imposes all 
> germane filtering -- and generate /new/ but *completely* *independent* 
> messages substantially based on the incoming message's content.  These 
> /new/ messages come /from/ /the/ /mailing/ /list/!  Thus the mailing 
> list operators can leverage all the aforementioned security / safety 
> measure for the mailing list.
But they still have the originating domain's From: address. Manifestly 
using MLM signatures as means of doing a reputation check is a 
previously unsolved problem hence the silliness of the ARC experiment 
which relies on the same assumption you are making here. Since Google 
participated in ARC, that is a pretty tacit admission they don't know 
how to do mailing list reputation either.
>
> SPF / DKIM / DMARC are mean to enable detection (and optionally 
> blocking) of messages that do not come from their original source. 
> Mailing lists are inherently contrary to this.  But the mailing list 
> can be a /new/ source.
The sticking point is the From: address. If I set up a DMARC p=reject 
policy, I should not be surprised that the receiver does what I asked 
and trashes mailing list traffic. The point in my blog post is that 
after over 15 years a solution is not going to be found, and trust me I 
have tried back in the day. That we should just give up caring about 
mailing list traversal and put the burden on MLM's to figure it out by 
either not changing the message body/subject, or using that horrible 
hack of rewriting the From address.
>
>> This makes companies leery of setting the signing policy to reject 
>> which makes it much easier for scammers to phish.
>
> Hence, having the mailing list send out /new/ messages with /new/ 
> protection measures mean less breakage for people that send messages 
> to the mailing list.

Mailing lists have been sending out resigned messages for over a decade. 
We still have really low adoption of p=reject signing policy and at 
least part of the problem is because of fear of mailing lists affecting 
users.

>
> Treating the mailing list as it's own independent entity actually 
> enables overall better security.
>
> Aside:  It is trivial to remove things that cause heartburn (DKIM) 
> /after/ NANOG's SMTP server applies filtering /before/ it goes into 
> Mailman.


An unsigned message is treated the same as a broken signature. That 
doesn't help from the From: signing policy standpoint.

Mike


More information about the NANOG mailing list