Re: [Bimi] MUA Evaluation of BIMI

John R Levine <johnl@taugh.com> Thu, 17 March 2022 20:14 UTC

Date: Thu, 17 Mar 2022 16:13:56 -0400
Message-ID: <46fbb64b-cf30-bd49-1f39-f5dcb204ae93@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Trent Adams <tadams@proofpoint.com>, "bimi@ietf.org" <bimi@ietf.org>
X-X-Sender: johnl@ary.qy
In-Reply-To: <B0FB719D-DF38-4D9E-B18C-C1D65EA7CAA4@proofpoint.com>
References: <MN2PR11MB4351832ACD2F68404D87275FF7119@MN2PR11MB4351.namprd11.prod.outlook.com> <20220316182949.1A3F73945349@ary.qy> <B0FB719D-DF38-4D9E-B18C-C1D65EA7CAA4@proofpoint.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/btoqxFf7Lwi3cVkQz0rC2FSivbY>
Subject: Re: [Bimi] MUA Evaluation of BIMI

> From what I can tell, the decision of whether or not an independent MUA should display a BIMI logo reduces to: "can the MUA reliably determine what the mailbox provider states to be the AuthN results of the evaluation they performed."
>
> I don't believe it's about whether or not the MUA trusts the AuthN evaluation performed by the mailbox provider; that ship has sailed by the time the MUA fetches the mail.  If the MUA starts second-guessing the veracity of what the mailbox provider states, all bets are off well beyond the purview of BIMI.

Well, yeah.  Remember that ARC is also only useful if you generally trust 
the system sending you a message with ARC seals.  The MUA can't tell what 
IP address a message was really sent from so it can't do SPF, and since 
mail systems frequently add tags like "external message" it can't tell if 
DKIM signatures were valid, either.

You can tie yourself in knots here but I really doubt you're going to end 
up with anything better than believe your MTA's A-R or you don't.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
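
The point made in the thread, that an MUA can only take its mailbox provider's Authentication-Results (A-R) at face value, shown as an added example that is not part of the original message: the MUA reads only A-R headers carrying the provider's authserv-id and ignores all others. The host names, the sample message and the function names are assumptions made for illustration, and the check relies on the provider removing inbound headers that claim its own authserv-id, as RFC 8601 directs.

```python
import re
from email import message_from_string

# Constructed sample: the first A-R header is from the mailbox provider
# (mx.example.net, hypothetical); the second arrived with the message
# under a different authserv-id and must not be believed.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass (2048-bit key) header.d=example.com;
 spf=pass smtp.mailfrom=example.com;
 dmarc=pass header.from=example.com
Received: from out.example.com by mx.example.net; Thu, 17 Mar 2022 20:14:00 +0000
Authentication-Results: forged.example.org; dmarc=pass header.from=bank.example
From: sender@example.com
Subject: constructed sample

body
"""

COMMENT = re.compile(r"\([^()]*\)")  # strips non-nested comments only


def parse_ar(value):
    """Return (authserv_id, {method: result}) for one A-R header value."""
    value = COMMENT.sub(" ", " ".join(value.split()))  # unfold, drop comments
    head, *resinfos = [part.strip() for part in value.split(";")]
    authserv_id = head.split()[0].lower() if head else ""
    results = {}
    for info in resinfos:
        m = re.match(r"([A-Za-z0-9-]+)\s*=\s*([A-Za-z]+)", info)
        if m:  # a bare "none" (no results) has no "=" and is skipped
            # Simplification: the first result per method in a header is kept.
            results.setdefault(m.group(1).lower(), m.group(2).lower())
    return authserv_id, results


def provider_results(raw_message, trusted_authserv_id):
    """Merge results only from headers bearing the provider's authserv-id."""
    msg = message_from_string(raw_message)
    merged = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_ar(str(value))
        if authserv_id == trusted_authserv_id.lower():
            for method, result in results.items():
                merged.setdefault(method, result)  # topmost header wins
    return merged
```

The MUA never re-runs SPF or DKIM here; it either believes the header stamped by `mx.example.net` or has no result at all.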