Re: [Bimi] MUA Evaluation of BIMI

Trent Adams <tadams@proofpoint.com> Tue, 15 March 2022 16:15 UTC

Return-Path: <tadams@proofpoint.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C23053A0E70; Tue, 15 Mar 2022 09:15:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=proofpoint.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j8x_3b-xGX2n; Tue, 15 Mar 2022 09:15:37 -0700 (PDT)
Received: from mx0a-00148503.pphosted.com (mx0a-00148503.pphosted.com [148.163.157.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF6733A171D; Tue, 15 Mar 2022 09:14:49 -0700 (PDT)
Received: from pps.filterd (m0162103.ppops.net [127.0.0.1]) by mx0a-00148503.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 22FEs8A5013112; Tue, 15 Mar 2022 09:14:48 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proofpoint.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=corp-2019-08-07; bh=Bog3lL295dbLJPEP1j9TnT8WQ/D6NGFKk42tfSW2h3M=; b=VTiWyxq6NE3dLEdCF5iHZAsvvGnE2x7Bsu4bLz4tpUHxl1gF8ONS8VCPHHVxf8oK/sb5 z2Y7ls21cKfEBPjfF9SGQ1peswh8QkO2U10qhoMhVlQjwH88LT5WRClSdcfK3ao/rbso Sb1GgILX9U1OprNocI7VHSMDsXe+VpigSPo4s0unwdXad8uo3c6prudkMjeIPTYGSt8M yZTFvEHMLeFpCM4jxXzWKm2+yiydhHIxlbukgmIgJd8jQ0KmlOZIIq0bsX2x5WFfCT71 bsJtbFUvSZbaeIhTB3gZLtbZ+BbQ3XKf1FAnbsVsttg0o3/bATsLmQ1IdRJfSJGI6QXH yw==
Received: from lv-exch04.corp.proofpoint.com ([136.179.16.100]) by mx0a-00148503.pphosted.com (PPS) with ESMTPS id 3eruyjs4pg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 15 Mar 2022 09:14:48 -0700
Received: from lv-exch02.corp.proofpoint.com (10.94.30.38) by lv-exch04.corp.proofpoint.com (10.19.10.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.2308.21; Tue, 15 Mar 2022 09:14:47 -0700
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (10.19.16.20) by lv-exch02.corp.proofpoint.com (10.94.30.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.2308.21 via Frontend Transport; Tue, 15 Mar 2022 09:14:47 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GAsTkqir1aABwI1Z3s3lllm1R1wLLplF3BaqAbhuYNy8wA9m6RdG5enPKLqjxlJlSL0elnNsuUcHX6djME6pTPFas+NtP8C2FfWHLCT8Z3M5QS+ZcLOiErl8JFaKmoGmfk8V2MvYnUQ/YEa6IuQJ3GAqGGVEX4RW4ftHM6qAO8Bz3Cw3DDAqt1fcoqIf7TUUBdijYp6zecDnWzAVd3PgQFsgjPYqyUT3oPdnhXzRSBHrGyxAVb0jktyf9rIUHVsG1ojceBy8Q9ycoO6eWu5Ag+3/Qj4fOZYf0QwiLsHa28mk43TJ6dOTLHT3GjoaCtHPIMAMUD7zVX5c0VYaSsNoYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+X/iWt/zGc80gTZBEnpXKVwxiUsfPTIxQ3C+xutZFPw=; b=MgvgBGwZ90URpvoT3q0RAr8CniMIgEl87FlbiMIoAVJ45bBnOP37GuWzuuxVIzh8xShG0WQgAFcVnIbF939msKMQrHh7YjBM3N2wWLGwmlYv+l0jLACFOrNB/R1YdT+MJgU+tbDi9ZJ6ols1pC9lqUUiaKJQAVNTV8VkdY9+CWpVH3cxTEcWJiKNfHWpsUQenrg+Z29roitq9X7SPakRdCrZtZpQUdZIsArjAq/DFnsDqAv+z8XPOSWN6BrNkltMHoRxGsLuHZjkelNr4wD3r7sAZXRPycIFpX0E+LbdUVMxP1+ilz91kWBZHG7ti/V0Os4pPh+CdJc6eA3cgnme/A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=proofpoint.com; dmarc=pass action=none header.from=proofpoint.com; dkim=pass header.d=proofpoint.com; arc=none
Received: from CH2PR12MB5001.namprd12.prod.outlook.com (2603:10b6:610:61::18) by CH2PR12MB4038.namprd12.prod.outlook.com (2603:10b6:610:7b::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.14; Tue, 15 Mar 2022 16:14:46 +0000
Received: from CH2PR12MB5001.namprd12.prod.outlook.com ([fe80::4d89:e9d3:abef:5ebe]) by CH2PR12MB5001.namprd12.prod.outlook.com ([fe80::4d89:e9d3:abef:5ebe%7]) with mapi id 15.20.5061.028; Tue, 15 Mar 2022 16:14:46 +0000
From: Trent Adams <tadams@proofpoint.com>
To: "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org>, Ken O'Driscoll <ken@wemonitoremail.com>
CC: "bimi@ietf.org" <bimi@ietf.org>
Thread-Topic: MUA Evaluation of BIMI
Thread-Index: AQHYNakS7cBGBKKcikGTe1q57Bj1Vqy/BUnggABVaQCAAOT4gA==
Date: Tue, 15 Mar 2022 16:14:45 +0000
Message-ID: <CB922168-3B56-488E-90DD-2591B064F9FF@proofpoint.com>
References: <7639D8E5-B8CA-48E6-B6F3-63BA091C3AC5@contoso.com> <VI1PR01MB7053B6AF625A5FFB2222F795C70F9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com> <MN2PR11MB4351276056888F77815E220EF70F9@MN2PR11MB4351.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB4351276056888F77815E220EF70F9@MN2PR11MB4351.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.58.22021501
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8441bafc-b7c2-4d38-ed60-08da069eec05
x-ms-traffictypediagnostic: CH2PR12MB4038:EE_
x-microsoft-antispam-prvs: <CH2PR12MB40389F0F1FAF68163E95A69EB3109@CH2PR12MB4038.namprd12.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR12MB5001.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(38070700005)(110136005)(86362001)(122000001)(316002)(83380400001)(36756003)(186003)(66476007)(8936002)(66556008)(66446008)(64756008)(3480700007)(8676002)(4326008)(66946007)(76116006)(91956017)(508600001)(6486002)(71200400001)(33656002)(6512007)(53546011)(2616005)(6506007)(5660300002)(38100700002)(2906002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
Content-Type: multipart/alternative; boundary="_000_CB9221683B56488E90DD2591B064F9FFproofpointcom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR12MB5001.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8441bafc-b7c2-4d38-ed60-08da069eec05
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2022 16:14:46.0288 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46785c73-1c32-414b-86bc-fae0377cab01
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: t47gBgBbqyL0UA74Rm3Fv2LljTj9lrL3vfyGqawCHB42hc8FQa5DGAUs7rx1txaPyTFWnkBjMK/BWJGiA8WuMg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4038
X-OriginatorOrg: proofpoint.com
X-PassedThroughOnPremises: Yes
X-Proofpoint-GUID: vilFfmyIv6YhLCoji2WA_wFCZwtbTmgO
X-Proofpoint-ORIG-GUID: vilFfmyIv6YhLCoji2WA_wFCZwtbTmgO
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-15_07,2022-03-15_01,2022-02-23_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 spamscore=0 clxscore=1011 malwarescore=0 impostorscore=0 priorityscore=1501 mlxscore=0 phishscore=0 suspectscore=0 lowpriorityscore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203150102
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/yQRtGBmt5p02BiM_0fNvLyKyjOU>
Subject: Re: [Bimi] MUA Evaluation of BIMI
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2022 16:15:44 -0000

OK… what if we start from the premise that an MUA *MAY* evaluate BIMI, but in order to do so it *MUST* be able to trust the Authentication-Results header supplied by the mailbox provider (read: if there's no trusted A-R header, the MUA *MUST NOT* display the BIMI logo)…

Given that… What if the specification calls for the mailbox provider performing BIMI validation to ARC sign the messages they receive?  Would that be a useful way to preserve the A-R results such that the MUA can verify them?

Curious,
Trent


From: "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org>
Date: Monday, March 14, 2022 at 2:56 PM
To: Ken O'Driscoll <ken@wemonitoremail.com>, Trent Adams <tadams@proofpoint.com>
Cc: "bimi@ietf.org" <bimi@ietf.org>
Subject: RE: MUA Evaluation of BIMI

> It’s really up to the user of the MUA to determine whether or not to trust upstream authentication headers. There are already plugins for the likes Roundcube and Thunderbird that are parsing the current AR headers.

I feel like an item that needs to be considered is that if you’re to rely on these headers, you need to have a reasonable assurance they came from the MBP for which the message was intended.  Do we need notes to describe how it is that the MUA is meant to evaluate that header and its origin?  Or is that beyond our scope?

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
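The check Trent sketches above, as an added example (not code from this thread, the BIMI drafts or any MUA): a client that trusts a single authserv-id, its mailbox provider, parses Authentication-Results and the ARC header sets (RFC 8601 and RFC 8617 syntax) and shows the logo only when the provider's bimi=pass verdict is also carried in the ARC-Authentication-Results of the highest ARC instance, sealed by that same provider. Assumptions: the `bimi` method/result placed in Authentication-Results as the BIMI draft specifies, a provider that seals with d= equal to its authserv-id, and constructed sample messages whose domains, base64 values and bodies are placeholders. The ARC signatures themselves are not cryptographically verified (that needs the provider's DNS-published key and is the step a real client would run first), so until then the d= tag is only a claim.

```python
"""Added illustration, not code from the BIMI drafts or any mail client: an MUA that
trusts one authserv-id (its mailbox provider) and shows a BIMI logo only when that
provider's A-R verdict is also carried in an ARC chain the provider sealed."""
import email
import re

def _unfold(value):
    """Join RFC 5322 folded continuation lines into one line."""
    return re.sub(r"\r?\n[ \t]+", " ", value).strip()

def parse_tags(value):
    """Parse a DKIM-style 'tag=value; tag=value' list (ARC-Seal, ARC-Message-Signature)."""
    pairs = (p.split("=", 1) for p in _unfold(value).split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def parse_authres(value):
    """RFC 8601 (ARC-)Authentication-Results -> {"i", "authserv", "results": {method: result}}."""
    text = re.sub(r"\([^()]*\)", " ", _unfold(value))           # drop CFWS comments
    parts = [p.strip() for p in text.split(";") if p.strip()]
    inst = None
    if parts and parts[0].lower().startswith("i=") and parts[0][2:].strip().isdigit():
        inst, parts = int(parts[0][2:]), parts[1:]              # ARC instance tag
    authserv = parts[0].split()[0].lower() if parts else ""     # drop optional version
    results = {}
    for resinfo in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z0-9]+)", resinfo, re.I)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return {"i": inst, "authserv": authserv, "results": results}

def arc_chain(msg):
    """RFC 8617 s.4.4 structural check: [(i, seal, aar)] for i=1..N, [] if no ARC sets, None if broken."""
    try:
        seals = [parse_tags(v) for v in msg.get_all("ARC-Seal", [])]
        by_i = {int(s["i"]): s for s in seals}
        sig_i = {int(parse_tags(v)["i"]) for v in msg.get_all("ARC-Message-Signature", [])}
        aars = {a["i"]: a for a in map(parse_authres, msg.get_all("ARC-Authentication-Results", []))}
    except (KeyError, ValueError):
        return None
    if not seals:
        return []
    wanted = set(range(1, len(seals) + 1))                       # contiguous, no duplicates
    if len(seals) > 50 or set(by_i) != wanted or sig_i != wanted or set(aars) != wanted:
        return None
    for i in wanted:                                              # cv=none only on the first seal,
        if by_i[i].get("cv") != ("none" if i == 1 else "pass"):   # cv=pass on every later one
            return None
    return [(i, by_i[i], aars[i]) for i in sorted(wanted)]

def bimi_display_allowed(raw_message, trusted_authserv_id):
    """Return (allowed, reason). Seal signatures are NOT verified here (needs the provider's DNS key)."""
    trusted = trusted_authserv_id.lower()
    msg = email.message_from_string(raw_message)
    # Receivers prepend headers, so get_all() yields newest first: the topmost A-R
    # bearing the provider's authserv-id is the one it added on final delivery.
    ars = [parse_authres(v) for v in msg.get_all("Authentication-Results", [])]
    mine = next((a for a in ars if a["authserv"] == trusted), None)
    if mine is None:
        return False, "no Authentication-Results from the trusted provider"
    if mine["results"].get("dmarc") != "pass" or mine["results"].get("bimi") != "pass":
        return False, "provider did not report dmarc=pass and bimi=pass"
    chain = arc_chain(msg)
    if not chain:                     # None = malformed/failed chain, [] = never sealed
        return False, "no valid ARC chain: the A-R header cannot be tied to the provider"
    i, seal, aar = chain[-1]
    if seal.get("d", "").lower() != trusted or aar["authserv"] != trusted:
        return False, f"ARC instance i={i} was not sealed by the trusted provider"
    if aar["results"].get("bimi") != "pass":
        return False, "provider's ARC-Authentication-Results lacks bimi=pass"
    return True, f"bimi=pass attested by ARC instance i={i} from {trusted}"

# Constructed samples (placeholder domains/base64). GOOD_MSG came via a forwarder: i=1 fwd.example, i=2 provider.
GOOD_MSG = """\
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=mbp.example; s=arc2022; t=1647360886; b=Y29uc3RydWN0ZWQ=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=mbp.example; s=arc2022; h=From:To; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=
ARC-Authentication-Results: i=2; mbp.example; spf=pass smtp.mailfrom=fwd.example; dkim=pass header.d=sender.example;
 dmarc=pass header.from=sender.example; bimi=pass header.d=sender.example header.selector=default
Authentication-Results: mbp.example; spf=pass smtp.mailfrom=fwd.example; dkim=pass (2048-bit key) header.d=sender.example;
 dmarc=pass header.from=sender.example; bimi=pass header.d=sender.example header.selector=default
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=fwd.example; s=arc; t=1647360800; b=Y29uc3RydWN0ZWQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=fwd.example; s=arc; h=From:To; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=
ARC-Authentication-Results: i=1; fwd.example; spf=pass smtp.mailfrom=sender.example; dkim=pass header.d=sender.example; dmarc=pass header.from=sender.example
From: Sender <news@sender.example>
To: user@mbp.example

(constructed body)
"""

# The same A-R text, but injected by the sender: the provider never sealed this message.
FORGED_AR_MSG = """\
Authentication-Results: mbp.example; dmarc=pass header.from=sender.example; bimi=pass header.d=sender.example header.selector=default
From: Sender <news@sender.example>
To: user@mbp.example

(constructed body)
"""
```

Calling `bimi_display_allowed(raw, "mbp.example")` allows GOOD_MSG and refuses FORGED_AR_MSG, because nothing ties the forged A-R header to the provider; flipping `cv=pass` to `cv=fail`, `bimi=pass` to `bimi=fail`, or the top seal's `d=` to another domain in GOOD_MSG refuses it as well. This is the MUA side only: it complements, and does not replace, the provider's obligation under RFC 8601 section 5 to strip inbound Authentication-Results headers that carry its own authserv-id, and it relies on the seal signatures having been verified before the `d=` value is believed.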