Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

Todd Herr <todd.herr@valimail.com> Tue, 19 July 2022 20:05 UTC

In-Reply-To: <60b46bf2-46cc-6269-88b5-bc879eadda25@bbiw.net>
From: Todd Herr <todd.herr@valimail.com>
Date: Tue, 19 Jul 2022 16:04:58 -0400
Message-ID: <CAHej_8n5E0NABJz5Vro-GEuL1w45yBK55fecN=UG5MVDnCD-Zw@mail.gmail.com>
To: bimi@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/ZLX4x11ofH4W6A7GS0K6zCZpKog>
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

On Tue, Jul 19, 2022 at 3:40 PM Dave Crocker <dcrocker@bbiw.net> wrote:

> On 7/19/2022 12:30 PM, Todd Herr wrote:
>
>
>    - What was the DMARC policy for the RFC5322.From domain at the time
>    the message was sent?
>    - What was the SPF record for the RFC5321.MailFrom domain at the time
>    the message was sent?
>    - Did a BIMI Assertion Record exist for the domain at the time the
>    message was sent?
>
> Put another way, is it ok to display the mark for the message now even if
> it wasn't when it was received or even if it wasn't because BIMI didn't
> exist for the domain at the time the message was received?
>
>
> DMARC, DKIM and SPF (in this use) are strictly for authentication.  And
> the latter two were only designed for transit-time evaluation.  (Arguably
> this also applies to DMARC.)
>
> Moreover, they have nothing to do with trust of substance, other than a
> domain name.
>
> Presumably authorization to use a BIMI mark is more than that, pertaining
> to some matter(s) of business and display trust.  That level of trust
> presumably could be withdrawn after initial validation, even as domain name
> authorization remains.
>

The current version of the draft BIMI spec mandates that a message receive
a DMARC 'pass' verdict (or the equivalent in ARC headers) in order for BIMI
processing to even take place.

This says to me that any scheme requiring the MUA to do its own BIMI
validation be one that takes into account the DMARC validation result at
time of message receipt.

-- 

*Todd Herr* | Technical Director, Standards and Ecosystem
*e:* todd.herr@valimail.com
*m:* 703.220.4153

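
The receipt-time gate discussed in this message, as an added example that is not part of the original post or of any BIMI implementation: an MUA reads the DMARC verdict its own receiver recorded in Authentication-Results (RFC 8601) and goes on to BIMI processing only on 'pass'. The authserv-id mx.example.net, the function names and the sample messages are assumptions constructed for illustration; the ARC equivalent mentioned above is not handled.

```python
import re
from email import message_from_string

# Assumption: the authserv-id stamped by the MUA's own border MTA (RFC 8601).
# Results stamped under any other authserv-id are ignored, because a sender can
# put whatever it likes in a header it adds itself.
TRUSTED_AUTHSERV_ID = "mx.example.net"


def receipt_time_dmarc(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """Return the DMARC result the trusted MTA recorded at receipt, or None."""
    msg = message_from_string(raw_message)
    # Headers are prepended in transit, so the first match is the newest one.
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(value.split())            # unfold continuation lines
        value = re.sub(r"\([^()]*\)", "", value)   # drop free-text comments
        authserv, _, resinfo = value.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted_id.lower():
            continue                               # not stamped by our receiver
        for clause in resinfo.split(";"):
            m = re.match(r"\s*dmarc\s*=\s*([a-z]+)", clause, re.I)
            if m:
                return m.group(1).lower()
    return None


def may_run_bimi(raw_message):
    """BIMI processing is attempted only if DMARC passed at time of receipt."""
    return receipt_time_dmarc(raw_message) == "pass"


# Constructed sample messages (not real traffic).
PASSED = (
    "Authentication-Results: mx.example.net;\n"
    " dkim=pass header.d=brand.example;\n"
    " dmarc=pass header.from=brand.example\n"
    "From: news@brand.example\n"
    "Subject: hello\n\nbody\n"
)
FAILED = PASSED.replace("dmarc=pass", "dmarc=fail")
# Same verdict text, but stamped under an authserv-id we do not trust.
UNTRUSTED = PASSED.replace("mx.example.net", "relay.elsewhere.example")

if __name__ == "__main__":
    for name, raw in (("PASSED", PASSED), ("FAILED", FAILED), ("UNTRUSTED", UNTRUSTED)):
        print(name, receipt_time_dmarc(raw), may_run_bimi(raw))
```

This relies on the receiving MTA removing inbound Authentication-Results headers that claim its own authserv-id, as RFC 8601 requires; without that, the stored verdict is not trustworthy input for a later BIMI decision.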