From mboxrd@z Thu Jan 1 00:00:00 1970 From: lyndon@orthanc.ca (Lyndon Nerenberg) Date: Sat, 23 Sep 2017 11:17:42 -0700 Subject: [TUHS] Excessive bouncing ... argh! In-Reply-To: <20170923140725.sqxxg7bb7cxkkwmi@thunk.org> References: <20170921223420.GA27231@minnie.tuhs.org> <20170922114637.-EfSz%steffen@sdaoden.eu> <20170923140725.sqxxg7bb7cxkkwmi@thunk.org> Message-ID: > On Sep 23, 2017, at 7:07 AM, Theodore Ts'o wrote: > > This is actually the whole *point* of DMARC. They want to make sure > that if you see a from field of paypal.com, it means "paypal.com", and > did not come from SCAMMER at MAKE.MONEY.FAST.NG. So this is why DMARC > apologists who argue that this could be fixed by having MUA's hacked > so they display the X-List-From: field in the threaded mail summary > are wrong. If you do this, then Nigerian spammers will be able to use > X-List-From: field to fool stupid e-mail users, and then Yahoo and > Paypal will end up pushing DMARCv2 (outside the IETF standards > structures, just as DMARC is pushed outside of the standards bodies, > but by big companies imposing their will on the rest of the Internet) > to censor the X-List-From: field just as DMARC is trying to force > mailing list reflectors to munge the From field. Amen. I hope this whole topic doesn't go off the rails – we've had enough of those on the list the past couple of weeks. But I will note that, if the sites that enforce the fully-anal interpretation of DMARC start destroying the list, it's completely within the spirit of TUHS to migrate to a UUCP-only distribution. (Note the deliberate absence of a smiley.) --lyndon