From info at arin.net  Tue Aug 22 09:56:53 2017
From: info at arin.net (ARIN)
Date: Tue, 22 Aug 2017 09:56:53 -0400
Subject: [ARIN-consult] Community Consultation on DMARC for ARIN Mailing
 Lists
Message-ID: <76e0ec7b-1f5a-348b-010d-005fb92d7906@arin.net>

ARIN received a suggestion via the ARIN Consultation and Suggestion 
Process (ACSP) to add DMARC (Domain-based Message Authentication, 
Reporting, and Conformance) support to ARIN mailing lists. In our 
response to the suggestion we indicated a community consultation would 
be conducted by Q3 of 2017 to support our research into a possible ARIN 
implementation.

https://www.arin.net/participate/acsp/suggestions/2017-11.html

A description of DMARC is currently available inside Informational RFC 
7489:
https://tools.ietf.org/html/rfc7489

Additional draft documents are also being worked on inside the DMARC 
Working Group of the IETF:
https://datatracker.ietf.org/wg/dmarc/documents/

The author of ACSP 2017.11 also provided reference to a Mailman support 
page for DMARC (note that ARIN currently uses Mailman 2):
https://wiki.list.org/DEV/DMARC

In our initial response to ACSP 2017.11, we indicated it was not at the 
time clear if it was possible to operate a mailing list in a manner 
which both meets existing community expectations for mailing list 
behavior and conforms to DMARC's expectations regarding header/sender 
alignment. We offer the following questions to solicit your input on 
this topic. Provided there is support to move forward with a DMARC 
implementation, your feedback will be used to help inform the 
development of a plan that accommodates DMARC and prevents potential 
negative impacts to participants on ARIN mailing lists.

1.  Should ARIN implement DMARC for ARIN mailing lists?

2.  Do you have guidance you would like ARIN to consider when 
implementing DMARC for ARIN mailing lists?

Your answers to these questions, including any additional information 
you would like to provide, will help guide our next steps in response to 
ACSP 2017.11. Thank you for your participation in the ARIN Consultation 
and Suggestion Process. This consultation will remain open until Friday, 
15 September 2017.

If you have any questions, please contact us at info at arin.net.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)



From bill at herrin.us  Tue Aug 22 14:35:55 2017
From: bill at herrin.us (William Herrin)
Date: Tue, 22 Aug 2017 14:35:55 -0400
Subject: [ARIN-consult] Community Consultation on DMARC for ARIN Mailing
 Lists
In-Reply-To: <76e0ec7b-1f5a-348b-010d-005fb92d7906@arin.net>
References: <76e0ec7b-1f5a-348b-010d-005fb92d7906@arin.net>
Message-ID: <CAP-guGXHZDxK_Oq7Bb5uThrEeuYboqX+-mts_-ueDiC+jhNYKA@mail.gmail.com>

On Tue, Aug 22, 2017 at 9:56 AM, ARIN <info at arin.net> wrote:

> 1.  Should ARIN implement DMARC for ARIN mailing lists?
>

Hi,

Is this going to blow up my email forwarding out to gmail that has worked
for the last decade? If so, I vote NO.

Regards,
Bill Herrin


-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20170822/bf8a462e/attachment.html>

From bjones at vt.edu  Tue Aug 29 16:50:48 2017
From: bjones at vt.edu (Brian Jones)
Date: Tue, 29 Aug 2017 16:50:48 -0400
Subject: [ARIN-consult] Community Consultation on DMARC for ARIN Mailing
 Lists
Message-ID: <CANyqO+G41TUYKvWh6dL2ovpcuOV1NrNMsAky4R_teFpAMuaKRg@mail.gmail.com>

I am worried about how this will interact with email forwarding and how
well it may or may not interoperate with our existing email filtering
systems. Reading about it I ave a feeling it would also interfere with the
way we disperse to other operations center functional groups that we serve.
So I currently vote no for implementing DMARC.

Brian E Jones
Virgin Tech

--
Brian
--
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20170829/72e55890/attachment.html>

From mysidia at gmail.com  Tue Aug 29 19:28:18 2017
From: mysidia at gmail.com (Jimmy Hess)
Date: Tue, 29 Aug 2017 18:28:18 -0500
Subject: [ARIN-consult] Community Consultation on DMARC for ARIN Mailing
 Lists
In-Reply-To: <CAP-guGXHZDxK_Oq7Bb5uThrEeuYboqX+-mts_-ueDiC+jhNYKA@mail.gmail.com>
References: <76e0ec7b-1f5a-348b-010d-005fb92d7906@arin.net>
 <CAP-guGXHZDxK_Oq7Bb5uThrEeuYboqX+-mts_-ueDiC+jhNYKA@mail.gmail.com>
Message-ID: <CAAAwwbXXe24f1grLT0FoWxhH17QHbGcFp0fJ5-MynC1JwuZcig@mail.gmail.com>

On Tue, Aug 22, 2017 at 1:35 PM, William Herrin <bill at herrin.us> wrote:
> On Tue, Aug 22, 2017 at 9:56 AM, ARIN <info at arin.net> wrote:
>>
>> 1.  Should ARIN implement DMARC for ARIN mailing lists?

I would say Yes...  my feeling is that Arin  MUST start doing something to
fully adhere to sender domain DMARC policies in supporting posting from
users who join the mailing list when their sender domain has a DMARC
p=reject  strict policy  with  SPF and DKIM signing alignment
(A current industry best practice,  which  mail implementors are using on
many domains,  including  Yahoo.com)...

On the contrary  the current state is _broken_,  for example if a user
posting to an ARIN mailing list has a @yahoo.com address,   An example of
a domain currently publishing a DMARC policy  with a required
DKIM or SPF match  when the  RFC5322.From From: header
OR the   RFC5321.MailFrom  (SMTP envelope) contains a @yahoo.com address.

_dmarc.yahoo.com descriptive text "v=DMARC1\; p=reject\; pct=100\;
rua=mailto:dmarc_y_rua at yahoo.com\;"
yahoo.com descriptive text "v=spf1 redirect=_spf.mail.yahoo.com"
_spf.mail.yahoo.com descriptive text "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"
_domainkey.yahoo.com descriptive text "t=y\; o=~\;
n=http://antispam.yahoo.com/domainkeys"


> Is this going to blow up my email forwarding out to gmail that has worked
> for the last decade? If so, I vote NO.

The current state, I believe: is  "Already blown up",  for mailing
list posters on domains that have implemented  the DKIM signing and
DMARC standards.


>
> Regards,
> Bill Herrin
---
-JH


From kevinb at thewire.ca  Thu Aug 31 23:51:26 2017
From: kevinb at thewire.ca (Kevin Blumberg)
Date: Fri, 1 Sep 2017 03:51:26 +0000
Subject: [ARIN-consult] Community Consultation on DMARC for ARIN Mailing
 Lists
In-Reply-To: <76e0ec7b-1f5a-348b-010d-005fb92d7906@arin.net>
References: <76e0ec7b-1f5a-348b-010d-005fb92d7906@arin.net>
Message-ID: <7E7773B523E82C478734E793E58F69E7A52424DD@SBS2011.thewireinc.local>

I may be wrong but I believe the question is wrong.

1.  Should ARIN implement DMARC for ARIN mailing lists?

Is the intention to setup DMARC on arin.net or mitigate issues that are created by DMARC on arin.net mailing lists? 

If the question was Should ARIN implement features to mitigate mail issues caused by DMARC?

Then yes, using the features in Mailman 2.x to rewrite the from address should be done. Not just to fix issues with DMARC but SPF as well.

The only downside that I am aware of is direct replying to a message, off the list, is more difficult, but mail deliverability is more consistent as it is only coming from arin.net.

Regarding question 2 I would suggest switching one mailing list and seeing the result.

Thanks,

Kevin Blumberg

-----Original Message-----
From: ARIN-consult [mailto:arin-consult-bounces at arin.net] On Behalf Of ARIN
Sent: Tuesday, August 22, 2017 9:57 AM
To: ARIN-consult at arin.net
Subject: [ARIN-consult] Community Consultation on DMARC for ARIN Mailing Lists

ARIN received a suggestion via the ARIN Consultation and Suggestion Process (ACSP) to add DMARC (Domain-based Message Authentication, Reporting, and Conformance) support to ARIN mailing lists. In our response to the suggestion we indicated a community consultation would be conducted by Q3 of 2017 to support our research into a possible ARIN implementation.

https://www.arin.net/participate/acsp/suggestions/2017-11.html

A description of DMARC is currently available inside Informational RFC
7489:
https://tools.ietf.org/html/rfc7489

Additional draft documents are also being worked on inside the DMARC Working Group of the IETF:
https://datatracker.ietf.org/wg/dmarc/documents/

The author of ACSP 2017.11 also provided reference to a Mailman support page for DMARC (note that ARIN currently uses Mailman 2):
https://wiki.list.org/DEV/DMARC

In our initial response to ACSP 2017.11, we indicated it was not at the time clear if it was possible to operate a mailing list in a manner which both meets existing community expectations for mailing list behavior and conforms to DMARC's expectations regarding header/sender alignment. We offer the following questions to solicit your input on this topic. Provided there is support to move forward with a DMARC implementation, your feedback will be used to help inform the development of a plan that accommodates DMARC and prevents potential negative impacts to participants on ARIN mailing lists.

1.  Should ARIN implement DMARC for ARIN mailing lists?

2.  Do you have guidance you would like ARIN to consider when implementing DMARC for ARIN mailing lists?

Your answers to these questions, including any additional information you would like to provide, will help guide our next steps in response to ACSP 2017.11. Thank you for your participation in the ARIN Consultation and Suggestion Process. This consultation will remain open until Friday,
15 September 2017.

If you have any questions, please contact us at info at arin.net.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

_______________________________________________
ARIN-Consult
You are receiving this message because you are subscribed to the ARIN Consult Mailing List (ARIN-consult at arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues.