IETF Logo Mail Archive

Re: [Bimi] MUA Evaluation of BIMI

"Brotman, Alex" <Alex_Brotman@comcast.com> Mon, 14 March 2022 20:55 UTC

Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 444313A1585; Mon, 14 Mar 2022 13:55:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T5DQhrV94NP4; Mon, 14 Mar 2022 13:55:52 -0700 (PDT)
Received: from mx0b-00143702.pphosted.com (mx0b-00143702.pphosted.com [148.163.141.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7223A1584; Mon, 14 Mar 2022 13:55:49 -0700 (PDT)
Received: from pps.filterd (m0184889.ppops.net [127.0.0.1]) by mx0b-00143702.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22EKYpNI004623; Mon, 14 Mar 2022 16:55:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=20190412; bh=CrzTbqacFem/rWFYhyQqwsqCVan+VgZBxLXV3Nd/Ruo=; b=UfAyumFbMSqdmv566rPaeAp2WFb33ucNJcjVJOjjkPe63sGu450r5xz2hmqgLo6KpMsQ q7oMZLxPAGyKM5ppekEsYVcNiJ8x7kfmSJzVBzERs2UUwCvojdugDJatnZWZxWrTJyrt 8OR/Gc7vcL7oOp6QB1ZnrTdHTm3I6VBJcxabcVqtzp5VnkorxaghhwQvW4MzX9fyZ2L5 YjNHTp3MJ478+/S6WZfzJENqeUoBhLjgC8EU4/ELrBd2nJ0/lZsfP3zE/0Zik8aojR4O eHm5W27+RcXhBMJVdat4BxNCu9fgNU4R2cwzXhg97lHCLDVoqKW6MpjUnt4gPRX9nwUP qQ==
Received: from copdcexop03.cable.comcast.com (dlppfpt-as-1p.slb.comcast.com [96.99.226.135]) by mx0b-00143702.pphosted.com (PPS) with ESMTPS id 3et642mjad-29 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 14 Mar 2022 16:55:48 -0400
Received: from COPDCEXOP01.cable.comcast.com (147.191.124.156) by COPDCEXOP03.cable.comcast.com (147.191.124.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.15; Mon, 14 Mar 2022 13:55:27 -0700
Received: from COPDCEXEDGE01.cable.comcast.com (96.114.158.213) by COPDCEXOP01.cable.comcast.com (147.191.124.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.986.15 via Frontend Transport; Mon, 14 Mar 2022 13:55:27 -0700
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.47) by webmail.comcast.com (96.114.158.213) with Microsoft SMTP Server (TLS) id 15.0.1497.28; Mon, 14 Mar 2022 14:55:29 -0600
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by DM8PR11MB5653.namprd11.prod.outlook.com (2603:10b6:8:25::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5061.22; Mon, 14 Mar 2022 20:55:24 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::15bd:e7ac:d4e:f01f]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::15bd:e7ac:d4e:f01f%6]) with mapi id 15.20.5061.028; Mon, 14 Mar 2022 20:55:23 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: Ken O'Driscoll <ken=40wemonitoremail.com@dmarc.ietf.org>, Trent Adams <tadams=40proofpoint.com@dmarc.ietf.org>
CC: "bimi@ietf.org" <bimi@ietf.org>
Thread-Topic: MUA Evaluation of BIMI
Thread-Index: AQHYNakS7cBGBKKcikGTe1q57Bj1Vqy/BUnggABVaQA=
Date: Mon, 14 Mar 2022 20:55:23 +0000
Message-ID: <MN2PR11MB4351276056888F77815E220EF70F9@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <7639D8E5-B8CA-48E6-B6F3-63BA091C3AC5@contoso.com> <VI1PR01MB7053B6AF625A5FFB2222F795C70F9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
In-Reply-To: <VI1PR01MB7053B6AF625A5FFB2222F795C70F9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a563c5ee-7092-4776-5f1c-08da05fcf5c5
x-ms-traffictypediagnostic: DM8PR11MB5653:EE_
x-microsoft-antispam-prvs: <DM8PR11MB56534854B5E6984C79973455F70F9@DM8PR11MB5653.namprd11.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6EdjMvP8b2N2eg/ffL3o61B9Q0xJ4PPEzEHqI/hNAGCSsBdABi1NWF761W7ezcAO6ERVSCoa6MamupB29TAxtBO7asEekMLCeTf/IM9z9cep7umvarNmSe0PXcicF2vENhoP9UCm9QYyVirSnVN2fzEN+c8WmnxXWYpgeL0R/B8w5qY9FyJ/aGLINYX+ADuLUL+F+VZDhyxX3PXwjgni1kVxcYBIOYUqG3wbfYcmSp9LdtrcIp2G7r4QXUx2hrlQrrICVHHPr79b5AZO+3G13A3H5p+smvrnpl5NUL4qDlNXAb3yuzaBiwyCJszNafXM6PBKz+8xc7GEkLBBZ3o/xr2mxj4FSW3vtcyWfDSbSlJwX4rpjczlwct9Gev0EetBMQlI9FZ0+gaqUpsfCeKc1FTe0kbRX9Yxu7bTiP5nINttCObZw/cCgNoiMZyh2ElkXGZ/B7wTVRGTUHnKWh8jG9jnZ4W/ZflXSmrdW6fiH8FScFRsj2btaPwo3e5mq4Ryz+sojqpottqZKNgoaly+bzgMv6YdTYkRDKvhi06Yg8M64SNXUUzSfcqwuzaSVu+3aw4WwpA5SkqTklh/esWpP4Q2DmDm/mWxISJm6b8JJrdCUIvZeQuz8WLh4u78tl2LUHUBNv7ASJ8zsZuf1hpZMX+XePOWUlZcqC7kB496aUcH+42/HAkS12T7sw82jkECjSA3jWjfUYq3NAnxbANapg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(83380400001)(82960400001)(52536014)(3480700007)(71200400001)(38070700005)(6506007)(38100700002)(4744005)(9686003)(7696005)(8936002)(110136005)(186003)(508600001)(122000001)(316002)(2906002)(86362001)(5660300002)(33656002)(55016003)(4326008)(66446008)(64756008)(66476007)(66556008)(8676002)(76116006)(66946007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: xbodxRqYiJFUxffP7ZERz5eUKVGkAWbX1/HAWRXtJvFPAT5z3zzHBvetvoQKPXjM6U0rXbjW0Nhxb6QXicQh9YcOH7TDysnybVdSVtbAQglxOWXWs3a69yrUo9LTmL/4LXb+o625llCR4FjY0TG/v3llMq5NFy8BJqrVTHXQZTJMMUps5v0euvGkLEdaJxvO3kx5yv8GWiEl3U7SaWDs/GpIEWbKV4ptgfONIaVNn8NDWnuJCQSJzYDJTOua5MNyAekZTnqG5mGLP0Gv1rZJTguCwHWT0mh0xJP1UUyumkkUXjh6FiTpx6O8UlDyERjQd82RXI2VN0Kq3UxjIffuCl4+t8/0M9CdqKZaRxkYL/njT8LTz18aIDa0nRP1h14TODhaGfuuQ9np96Y3qzIfMPjON10/8CyWrV71NNVGSsximV4UqNTLHMEuJ0XJOPPvHxKU8sox7ocOsLdHtNByI2UQXb4FPMlk02+xk1SK/K+Ozn2krO+8sZKT9xR3jZzh4fQvGeVBuPAClPgS6jWm0U2igrneNgK0TfVG5gkIgl7xmxb5oVRr0mbDyw5BzXBWpnuYlBiEYVhHw0S4hJO/nwbQ1U4W4xUYQM1LcZWv47xaz0yuKbx+q//60pecgCI8gdbOQCObllFydBxBOAU9A/YGtpfuVNlZ3kcT0RYawhzRe+pH42m2o6oBntLefAWkFsP1KYx0JdDcQAEZEZTThLJz+VBtb4HoIv9qbo1oHm/X/YUT3Ct+GseIyUzm1Oe3w99Q0smI3BQ49VUckzK2WDUxWVrnWtS0CVczWh0vFiUOWkWR4yA2kFuD4ixS8R8DlpqLDFkase4kq5tD37DAtmVN1dcji/EBwAJel2CnbYE+fdZ/NYMo0g2ZszurZB+lXOlsKgRUSqWkAO6827KY+i4fdREPqowbMjTqOAdx2mERTKqqa1HQJmpXcYfE+gbG8pq5Jme/2ZbRad8ppLMSZbdufxgXL9CF6pGaEwoBvevTLyyL90VpNTVwitfxIyr72hqxJDiikr9ESZWU6po+av8igUPH7oX3N+uSmAFAhvvxXhilF5s+32K7S4B5E6HQYNnF6dAaPz75g7RXO+ojxnJDkOuuRChoUpeylLqRyc4L+4zA42TA1dq1SXF6EXKf3DHx7EM0RS98TRVMv4nsOWvgyEWcc6TZhjRpcXqxCw+RoH7UAD9MNFgbmwRlFASq1NcZVDe0MkhseNTp7f2SIYwPWtl4l5Fuyxm724XKNKbUTtsmjnbEP1TPAWnbjIOozepezphAJCm1F5lijrvSVQzvyR88bxmDDOL9A6vLm2yWArAhaCagw1aHfPwEdylB0QHL7/7fMVKM3W4lSEzJhiQRWrBptyz3qvMzyWMH/Y9TDeYlUoRjk6FgwQlrEkUvhL/wpij4A9H3vGfiALSICu3ylfLIJ3Ylne1cZetcO05zzNS5h/BltN4Gm9Aou8mHb/TM7IcwIAd+YMI5894s18ExUQE+Cf28O0fBiHy/joFMq68xjKSsWplXj2RX4ydsYgjxaKxS4NO/OW08rkvrsw==
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vuom05sd8E3j8AFtjXOSNHwxIqEuMz+z1xNwjIoEV76iJ1oVgALlhEQ7qqeK6mIE5c3gvoCEMhBt2InQoh2+5a3/f4of7fekyzflMWi8P/uAN98FpfvXP3XW3ZNQ6t7epAywt2t9o5ywqFc4gJAO7k+20xwKakKj1DWHI3lFMnXFsyMSZxy70hfliKTLQdOPNE/SFj0D5+XahwiTyP1TXtQJvqBm4m+LcaRjuxagl8grs2Yrel0/WLa31cILgj88VpPbI2TmKlvNcJuWlTdh+z3ICTBg+akUh4RQqCngeUA/j53Z8tO6jf2NKmdqMjdPD/1Wq/ZEbD+ziHY5fxwgVg==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wU0cbCMBgYw8NaQdBOEV0ZQVevO8hgN9BdSKozskEuw=; b=R6/A3zkqiQjdCCNdz/zY/7hYdt+/rtuQYBd8OJaHyQIyvhhIwpm1LwiSjo1CWBZufuUgpVChDcWQqQLMYupNxhjSvqdliKmNu4fDign00fMTYPpzZ5cqznHhwt9SUtugY1owu72wHFKDTXewrhihSVKRmqvVIFvwfBYzFs/pTk4IApfIYlk3Nuz1KFPU6TTAmrpXYlYr4X9Txs9y0hKGw7LfU/FsKEqNe54Hy8n4FMhywkeic88KbRHw0/DGBc/0DgvM7hBK6CYm9JhLppHawR13GUaLha1/WRAF6DiQ+m/xHv3+vIm8+GL0SIRBOBt59mSNq9ywNxmnw6Wa5kqN+w==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4351.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: a563c5ee-7092-4776-5f1c-08da05fcf5c5
x-ms-exchange-crosstenant-originalarrivaltime: 14 Mar 2022 20:55:23.8659 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: 9jxIVhnSihedmlGGlGV6pquvmMRgfMHNSBaAkfcfrIzaw8UvUvUmaDHY9LHX2mhrgSipy3OmW+BmWH0yz7HGMmKSAKSj3ykpem/eLKUzXX0=
x-ms-exchange-transport-crosstenantheadersstamped: DM8PR11MB5653
x-originatororg: comcast.com
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB4351276056888F77815E220EF70F9MN2PR11MB4351namp_"
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWI
X-Proofpoint-GUID: TUsv9I0spyJuaZlwVNqy8fP8CKkbR-Cq
X-Proofpoint-ORIG-GUID: TUsv9I0spyJuaZlwVNqy8fP8CKkbR-Cq
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-14_13,2022-03-14_02,2022-02-23_01
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/0KHjZ1xqiaLqFvSbhmiNHdHDHfY>
Subject: Re: [Bimi] MUA Evaluation of BIMI
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Mar 2022 20:55:57 -0000

> It’s really up to the user of the MUA to determine whether or not to trust upstream authentication headers. There are already plugins for the likes Roundcube and Thunderbird that are parsing the current AR headers.

I feel like an item that needs to be considered is that if you’re to rely on these headers, you need to have a reasonable assurance they came from the MBP for which the message was intended.  Do we need notes to describe how it is that the MUA is meant to evaluate that header and its origin?  Or is that beyond our scope?

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

v2.23.0 | Report a Bug | By Email