23 Sep
2017
23 Sep
'17
8:17 p.m.
On Sep 23, 2017, at 7:07 AM, Theodore Ts'o
<tytso(a)mit.edu> wrote:
This is actually the whole *point* of DMARC. They want to make sure
that if you see a from field of paypal.com, it means "paypal.com", and
did not come from SCAMMER(a)MAKE.MONEY.FAST.NG. So this is why DMARC
apologists who argue that this could be fixed by having MUA's hacked
so they display the X-List-From: field in the threaded mail summary
are wrong. If you do this, then Nigerian spammers will be able to use
X-List-From: field to fool stupid e-mail users, and then Yahoo and
Paypal will end up pushing DMARCv2 (outside the IETF standards
structures, just as DMARC is pushed outside of the standards bodies,
but by big companies imposing their will on the rest of the Internet)
to censor the X-List-From: field just as DMARC is trying to force
mailing list reflectors to munge the From field.
Amen.
I hope this whole topic doesn't go off the rails – we've had enough of those on
the list the past couple of weeks.
But I will note that, if the sites that enforce the fully-anal interpretation of DMARC
start destroying the list, it's completely within the spirit of TUHS to migrate to a
UUCP-only distribution. (Note the deliberate absence of a smiley.)
--lyndon