Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

John Levine <johnl@taugh.com> Sun, 16 August 2020 02:19 UTC

Date: Sat, 15 Aug 2020 22:18:56 -0400
Message-Id: <20200816021856.9FADE1E9EE5F@ary.local>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
In-Reply-To: <c45b61d902e04be48abe3a4bede67692@bayviewphysicians.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/0tjZammcfy2XHuYnOrtoMhMlTiY>

In article <c45b61d902e04be48abe3a4bede67692@bayviewphysicians.com> you write:
>But are you really arguing that no one in the Mailing List business paid attention to
> the concerns about the fraud and spoofing problems with email?

I am unaware of any mailing lists causing fraud and spoofing problems
in email, so no more than anyone else. (Sending along real mail in
ways that DMARC cannot describe is neither fraud nor spoofing, of
course.)

>This morning I had a conversation with the CEO of a company that was hit by ransomware which arrived with the help of a
>single email. He is slowly getting his company back after paying a lot of money to people who want to destroy us.

I think you would be dismayed how little of that would be stopped by
more stringent DMARC policies. They use lookalike addresses, or they
depend on MUAs that show the From header comments rather than the
addresses. I once saw a very slick spear phish where the crook
registered the victim's domain name substituting "rn" for "m".

R's,
John

PS:

>My comments about From validation were based on the wording of the RFCs, so I stand by what I said.

I hope you will forgive me if I do not accept your interpretation of RFCs that I wrote.
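
An added example, not part of the original message: a receiver-side check for the two techniques the message names (a lookalike domain such as "rn" for "m", and an address shown in the From display name), neither of which a DMARC policy evaluates. The protected-domain list, the confusable table and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed list of domains the receiver wants to protect (assumption).
PROTECTED = {"summit-bank.example"}

# Character sequences that render like another letter in many fonts.
# A small illustrative table, not a complete confusables list.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse visually confusable sequences to one canonical form."""
    s = domain.lower().rstrip(".")
    for seq, canon in CONFUSABLE:
        s = s.replace(seq, canon)
    return s

PROTECTED_SKELETONS = {skeleton(d): d for d in PROTECTED}

# Matches an e-mail address embedded in a display name; group 1 is its domain.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w.-]+\.\w+)")

def check_from(header_value):
    """Return findings for one RFC5322.From header value."""
    display, addr = parseaddr(header_value)
    domain = addr.rpartition("@")[2].lower()
    findings = []

    # Lookalike: a different domain that collapses to a protected one.
    # The registrant controls this domain, so SPF, DKIM and DMARC can all pass.
    target = PROTECTED_SKELETONS.get(skeleton(domain))
    if target and domain != target:
        findings.append(("lookalike-domain", target))

    # Display name carries an address from another domain; an MUA that
    # shows only the display name presents that address to the reader.
    m = ADDR_IN_TEXT.search(display)
    if m and m.group(1).lower() != domain:
        findings.append(("display-name-address", m.group(1).lower()))
    return findings

if __name__ == "__main__":
    samples = [  # constructed sample headers
        "Pat Lee <pat@summit-bank.example>",
        "Pat Lee <pat@surnmit-bank.example>",
        '"billing@summit-bank.example" <ap@mail-relay.example>',
    ]
    for s in samples:
        print(s, "->", check_from(s))
```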