Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

John Levine <johnl@taugh.com> Fri, 23 June 2023 02:18 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64AB9C17CE99 for <dmarc@ietfa.amsl.com>; Thu, 22 Jun 2023 19:18:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="UII62/3d"; dkim=pass (2048-bit key) header.d=taugh.com header.b="mBbr7JX8"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r6Zj1-RA8m_7 for <dmarc@ietfa.amsl.com>; Thu, 22 Jun 2023 19:18:14 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85BAAC17CE8C for <dmarc@ietf.org>; Thu, 22 Jun 2023 19:18:14 -0700 (PDT)
Received: (qmail 43261 invoked from network); 23 Jun 2023 02:18:12 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=a8fa.649500e4.k2306; bh=zRWDfMOD+Zkn8lc3YqA+uvWheF7jKAABXpxZcH0IOCs=; b=UII62/3dPOJwItVvlxG4go7Ar4yzfTf8WTFhMvf2vI2HW32mZj8epkNvUDFnDXUtMliJArDt6vXoXM/9+NVzMDjiBKTwGcB/8GXRSr4I2WWXAySvYq4eM74sr5DqCrs2JTfnVsj6f4MQANz/Ko5ERz/o8zKu2xvBZ/oB12dtm0GcPAPEGxOzOGtYGlZ3CJLm4FZ84UJNqvXfBspTcC9BB9qXpa3PycpE4+qRrnrm+OUvikn4MzOGASeiP7h7A42s7SyWJT5haBCAh5lWFRq/DcNHHWnn9hmbUhecCi8WyLvvd8GuQz5CVXxZ/d/ih+2m0//lQh1ZT+sCDKMkmdyyMQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=a8fa.649500e4.k2306; bh=zRWDfMOD+Zkn8lc3YqA+uvWheF7jKAABXpxZcH0IOCs=; b=mBbr7JX8FOL7NkZwo7cHAdyikc+e6ZHC+leMQLUTpbq29AGNk7aC3pLU1UgCNzmBbwfpvlGEpAEAZUiA6tB7WTYoKF2A8WkOjmTCCv+Bk8DrMtZNDV5dVKFnfKIiblPBKBnpjuKAMtsQXQRx2Xz1khK44CWJabX2qjP0r4AcMa9uPAR8RhT5Vy5tcMijdVpbeezde6ekYDR2h24BIzMrAkfx1PFmfdiGt+BK6m7ZZaV966cV0wGnoUSQyy1RmLTMwMrpuwEFZw7zVHnZD497ptYMcIKGITjOCag/ih3zOq9zpP7AZ3Zd1D93MA4YNvW3TjbEqXxFS92MWIt6jfCDvQ==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 23 Jun 2023 02:18:11 -0000
Received: by ary.qy (Postfix, from userid 501) id E5F8DF9B3B94; Thu, 22 Jun 2023 22:18:10 -0400 (EDT)
Date: Thu, 22 Jun 2023 22:18:10 -0400
Message-Id: <20230623021810.E5F8DF9B3B94@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: emgu@google.com
In-Reply-To: <CABZJ8kmg75qo70V-N65b6C4w+g7gX0ehv3CsqG-765BbBGcn=A@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-hMXrl5ONvlIOSXa6sZ9_iMcBmo>
Subject: Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jun 2023 02:18:19 -0000

It appears that Emil Gustafsson <emgu@google.com> said:
>I don't know if there is a better way to encode that, but I'm supportive of
>making a change that would allow domains to tell us (gmail) that they
>prefer us to require both dkim and spf for DMARC evaluation (or whatever
>combination of DKIM and SPF they desire).

I really don't understand what problem this solves. More likely people
will see blog posts telling them auth=dkim+spf is "more secure",
they'll add that without understanding what it means, and all that
will happen is that more of their legit mail will disappear.

If you're worried about DKIM replay attacks, let's fix that rather
than trying to use SPF, which as we know has all sorts of problems of
its own, as a band-aid.

R's,
John
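The following is an added illustration of the point under discussion and is not part of the original post or of any DMARC implementation: a small evaluator that parses Authentication-Results headers and applies DMARC alignment under the standard "either aligned DKIM or aligned SPF passes" rule (RFC 7489) and under the hypothetical stricter "dkim+spf" mode. Run on a constructed forwarded message (DKIM intact, SPF failing because the forwarder's IP is not in the sender's record), it shows the legitimate mail that the stricter mode would reject. The sample headers, the authserv-id `mx.example.net`, the domain `example.com` and the two-label organizational-domain shortcut (a real implementation uses the Public Suffix List) are assumptions made for the example; one sample is the DKIM-only Authentication-Results header from this very message.

```python
"""Toy DMARC evaluator comparing standard 'either' evaluation with a
hypothetical 'dkim+spf' mode over Authentication-Results headers."""
import re
from typing import Dict, List, Tuple

# One method result, e.g. 'dkim=pass (2048-bit key) header.d=iecc.com header.b="UII62/3d"'
_RESULT_RE = re.compile(
    r'^(?P<method>dkim|spf)=(?P<result>[a-z]+)'        # method and its result
    r'(?:\s*\([^)]*\))?'                                  # optional parenthesised reason
    r'(?P<props>(?:\s+[a-z.]+=(?:"[^"]*"|\S+))*)'         # ptype.property=value pairs
)
_PROP_RE = re.compile(r'([a-z.]+)=("[^"]*"|[^\s;]+)')


def parse_auth_results(header: str) -> List[Dict[str, str]]:
    """Split an Authentication-Results value into {method, result, props...} dicts.
    The first ';'-separated element is the authserv-id and is skipped; methods
    other than dkim and spf (iprev, dmarc, ...) are ignored."""
    parts = [p.strip() for p in header.split(';')]
    results = []
    for part in parts[1:]:
        m = _RESULT_RE.match(part)
        if not m:
            continue
        entry = {'method': m.group('method'), 'result': m.group('result')}
        for key, val in _PROP_RE.findall(m.group('props')):
            entry[key] = val.strip('"')
        results.append(entry)
    return results


def org_domain(domain: str) -> str:
    """Organizational domain, approximated here as the last two labels (assumption;
    a real evaluator consults the Public Suffix List, e.g. for example.co.uk)."""
    return '.'.join(domain.lower().rstrip('.').split('.')[-2:])


def aligned(identifier_domain: str, from_domain: str, strict: bool = False) -> bool:
    """DMARC identifier alignment: strict = exact match, relaxed = same org domain."""
    if strict:
        return identifier_domain.lower() == from_domain.lower()
    return org_domain(identifier_domain) == org_domain(from_domain)


def _domain_of(value: str) -> str:
    """smtp.mailfrom may carry a full address; keep only the domain part."""
    return value.rsplit('@', 1)[-1]


def dmarc_evaluate(from_domain: str, auth_results: str,
                   auth_mode: str = 'either') -> Tuple[str, Dict[str, bool]]:
    """Return ('pass'|'fail', {'dkim': aligned DKIM pass?, 'spf': aligned SPF pass?}).
    'either' is RFC 7489 behaviour; 'dkim+spf' is the stricter mode discussed above."""
    dkim_ok = spf_ok = False
    for r in parse_auth_results(auth_results):
        if r['result'] != 'pass':
            continue
        if r['method'] == 'dkim' and 'header.d' in r and aligned(r['header.d'], from_domain):
            dkim_ok = True
        elif r['method'] == 'spf' and 'smtp.mailfrom' in r and \
                aligned(_domain_of(r['smtp.mailfrom']), from_domain):
            spf_ok = True
    if auth_mode == 'either':
        passed = dkim_ok or spf_ok
    elif auth_mode == 'dkim+spf':
        passed = dkim_ok and spf_ok
    else:
        raise ValueError(f'unknown auth_mode {auth_mode!r}')
    return ('pass' if passed else 'fail'), {'dkim': dkim_ok, 'spf': spf_ok}


# Constructed Authentication-Results values (authserv-id and domains are made up).
DIRECT = ('mx.example.net; dkim=pass (2048-bit key) header.d=example.com header.b="abc123"; '
          'spf=pass smtp.mailfrom=bounce@example.com')
# Same message after a forwarder: the signature still verifies, but the forwarding
# host's IP is not authorised by example.com's SPF record.
FORWARDED = ('mx.example.net; dkim=pass (2048-bit key) header.d=example.com header.b="abc123"; '
             'spf=fail smtp.mailfrom=bounce@example.com')
# Unsigned mail whose SPF identity belongs to an unrelated domain: nothing aligned passes.
UNALIGNED = 'mx.example.net; dkim=none; spf=pass smtp.mailfrom=other.example'
# The header actually present on this message (DKIM results only; its From domain is taugh.com).
THIS_MESSAGE = ('ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com '
                'header.b="UII62/3d"; dkim=pass (2048-bit key) header.d=taugh.com header.b="mBbr7JX8"')


def compare_modes(from_domain: str = 'example.com') -> Dict[str, Dict[str, str]]:
    """Disposition of each constructed sample under both modes."""
    samples = {'direct': DIRECT, 'forwarded': FORWARDED, 'unaligned': UNALIGNED}
    return {name: {mode: dmarc_evaluate(from_domain, hdr, mode)[0]
                   for mode in ('either', 'dkim+spf')}
            for name, hdr in samples.items()}


if __name__ == '__main__':
    for name, row in compare_modes().items():
        print(f"{name:10s} either={row['either']:4s} dkim+spf={row['dkim+spf']}")
    print('this message:', dmarc_evaluate('taugh.com', THIS_MESSAGE))
```

The forwarded sample is the case the post warns about: under the standard rule it passes on aligned DKIM alone, while under dkim+spf it fails and, at p=reject, is discarded even though nothing about it is spoofed. Receivers already see exactly this pattern from mailing lists and forwarding services, so a domain that opts into the stricter mode needs to know that is the trade-off it is making.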