IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Dotzero <dotzero@gmail.com> Fri, 14 August 2020 17:04 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23F7C3A0E3F for <dmarc@ietfa.amsl.com>; Fri, 14 Aug 2020 10:04:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQS-l-EZ0A_b for <dmarc@ietfa.amsl.com>; Fri, 14 Aug 2020 10:04:38 -0700 (PDT)
Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C03A3A0B31 for <dmarc@ietf.org>; Fri, 14 Aug 2020 10:04:38 -0700 (PDT)
Received: by mail-wm1-x329.google.com with SMTP id g8so8046951wmk.3 for <dmarc@ietf.org>; Fri, 14 Aug 2020 10:04:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tSjOazK+xM1VybTEUqGGotLBH3M+oLh5gdgdc6cYJcQ=; b=YBkvQqKvmXARhUGy4xnS4xak7sRa0kSjgaxY28Wn0SpsL0yzC+CblkIl69QGwXOONb bM+8GQ+hKUybeHfRovYwpN44oHc3LAHHYsUGWtVr1si6DmwNUNLVdgZpk/C6gp8yVq+s Hjkuyz9MeRAkdgrtkNa7ytNfZkfnD6gn0wYR2i4tyqvUlFx2BAy8ap1gxM4PzDe0u++/ riq6P04aiJSlrJcoEkEEE0pxtO+utXSzH6K07dY2qhUYcVGsOvWAOOlUG2zlU9RdbFHo hVwgvC9Hnhyau4SxpILD3LOiDbj4FAPxYWet6++hGP2C2B5i7XbMt9YVlJwCHRTqVOVg QUAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tSjOazK+xM1VybTEUqGGotLBH3M+oLh5gdgdc6cYJcQ=; b=W7Zi2Bv6vo5WDx3a6SGFWnN+/46sFoV1GGdrr3YGvQfFWZocWRi8qvnneNqdXOccdy fER17108xHclN9/ijcgY5ztVegVBktgqShWYaHWbFRMIu1qEzgl2uVYhiAF4ad4cGqHc DTHQcoHS9RaWleX0ZOVljrUdI3rhCQMJKlYDgsrt6ENkGFCuOPes3iBioeYQrQsvr8hI obs+/cDztDczoDrKrN5ly88jwkjHpwd3ZvjBMYPROwOOBCWP7TF9wV3O/dAVK3iqyQik Iv2l2ixwO6SO12Z5QSrpuhq33pWpMX4ICp52X3XPWjqtf3J/kjlJmAHcWgigUIOdFBvX Kkzw==
X-Gm-Message-State: AOAM533HRc+VJy5eGrmv+aMY96ZAc2Xns4ZCWFZPIAe9mar3zjaXq9hW nZdTJorT4GipaMhwYezM/LCZtV1hhy3neiX/Y2VPpCxgY/M=
X-Google-Smtp-Source: ABdhPJzJE7zzXmZqEMgCncgMmtIBdErrsgKG8rnX8ltBhGBh97DUvzBBFT+cQm2WSr4k7DJ0+KPqwMZOPf2s3U5d3a4=
X-Received: by 2002:a7b:cf3a:: with SMTP id m26mr3556389wmg.25.1597424677022; Fri, 14 Aug 2020 10:04:37 -0700 (PDT)
MIME-Version: 1.0
References: <CAJ4XoYcFbh8-nAxjxzzRgUahFfhcgcZQ2yMF2ewv_-DgUmhL=g@mail.gmail.com> <20200814164237.313071E971DB@ary.local>
In-Reply-To: <20200814164237.313071E971DB@ary.local>
From: Dotzero <dotzero@gmail.com>
Date: Fri, 14 Aug 2020 13:04:26 -0400
Message-ID: <CAJ4XoYeqj_5mpZu1PZP4rNfrWRyC5gC-2dfK7oX9xQHiR24QeA@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006dee0105acd96aec"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-No1PXlEU_BzundICCCmUivXaq8>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2020 17:04:40 -0000

On Fri, Aug 14, 2020 at 12:42 PM John Levine <johnl@taugh.com> wrote:

> In article <CAJ4XoYcFbh8-nAxjxzzRgUahFfhcgcZQ2yMF2ewv_-DgUmhL=
> g@mail.gmail.com> you write:
> >policy of p=reject. Domains should not be able to externalize their
> >internal problems to others.
>
> Isn't that exactly the mailing list problem?
>

No, that is the domains publishing a policy externally but not telling
their users "Don't do that" problem.

>
> >> Only if you believe that the domain on the From: line is automatically
> >> more credible than the one on the Sender: line. The whole third party
> >> problem is that the people sending their mail through lists or
> >> whatever are in fact doing so legitimately, but for various reasons
> >> their organizations' DMARC policies lie and say they aren't.
> >>
> >
> >I think you are misusing the term "credible". Domains which are publishing
> >p=reject policies are making an assertion regarding mail purporting to be
> >authorized by their domain. It is not an assertion that their mail is
> >"good" or should be delivered to a recipient ...
>
> No, it's an assertion that mail that's unaligned is unauthorized, and
> a request to reject it. For mail that their users send through mailing
> lists, that assertion is false and the request clearly not what the
> organization and its users want. This is what I conclude from the
> number of unhappy people to whom I have had to explain that their mail
> is disappearing because their employer told recipient systems to do
> so.
>

 "clearly not what the organization and its users want."

Who am I going to believe, the organization and it's published policy or
you?

>
> > This is why I made the point above that lists should respect DMARC
> >policy and not accept submissions from domains with DMARC p=reject
> >policies.
>
> Lists have been around a lot longer than DMARC has. Perhaps you meant
> to say that domains whose users participate in mailing lists should
> not publish restrictive DMARC policies. If they don't want their users
> to send mail to lists, they should tell their users not to send mail
> to lists.
>

I meant what I wrote. Domains who actively want their users to participate
in mailing lists or even passively accept that their users participate in
mailing lists shouldn't publish p=reject for the domain their users are
sending from or should take steps to migrate the users to another
domain/subdomain, etc. Conversely, if a domain IS publishing p=reject then
yes, they should be taking steps internally but I also believe others
should consider that domain's published policy as intentional and act
accordingly. I've never heard of a DMARC policy getting published due to
inaction. Someone with administrative rights actively published that policy.

>
> There are lots of organizations that actively want their employees to
> participate in the IETF, to the extent that they give them paid time
> for IETF activities, yet publish p=reject policies to cripple that
> participation. I wish they would make up their minds.
>

Me too.

Michael Hammer

v2.23.0 | Report a Bug | By Email