IETF Logo Mail Archive

Re: [dmarc-ietf] New Version Notification for draft-levine-dmarc-listugh-00.txt (fwd)

Mark Alley <mark.alley@tekmarc.com> Mon, 14 August 2023 02:20 UTC

Return-Path: <mark.alley@tekmarc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D8CDC14CF1F for <dmarc@ietfa.amsl.com>; Sun, 13 Aug 2023 19:20:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tekmarc.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0RcYOmaCD_UC for <dmarc@ietfa.amsl.com>; Sun, 13 Aug 2023 19:20:19 -0700 (PDT)
Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47EC4C14CEFE for <dmarc@ietf.org>; Sun, 13 Aug 2023 19:20:19 -0700 (PDT)
Received: by mail-pj1-x102d.google.com with SMTP id 98e67ed59e1d1-26928c430b2so2020535a91.0 for <dmarc@ietf.org>; Sun, 13 Aug 2023 19:20:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tekmarc.com; s=google; t=1691979618; x=1692584418; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=OXR7WA0aciIS/ph6EPs5+YOwlWGW4lT1/58ZEJdKtaY=; b=Fcf4RYycA333em0+ZLvVagwWtiNjvQKE6gN/zIHO4DeANU3bKuML2zx6xSlgjT5zEy oiUfFrmEO95e7omDgYdGu20YAtjetZoRZz9BkfD2LRckCBFiiiZrT3EoyBs+hHSjivwQ UP3zZFOmYMAALsSudLvKLxQhRV6JlcFuRZ2gwJa3bGhcfsgrBV45mEXFCBtZ296t5QWa SWl3jqJ7MoQs+8gnmIIKRsLQiCBuyjHys1yb4n8hMECvIDZlVL+b7Wu00S1/EyqJSQY1 2MVp4/zD2qGKN007zO8QKEZMKtJK6dCIJGoivzdy9RKyOhVs80p/iMDs+cyY0N62qlSX H2wQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691979618; x=1692584418; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=OXR7WA0aciIS/ph6EPs5+YOwlWGW4lT1/58ZEJdKtaY=; b=N5o15ZsUDbcPpzTH3uoIAgYwEJgDlXoJDv+UcHCzS8/v5LCJl8ydwErUvFw8NCOx5N UwhgTVyCpEsynIhRdSN/uv0YlM4FR9rqv8vvi7+PJUp04bQchNZCrzW9RnpTW/xKx1FG nAXLFAS7MP5J/fjKM0yMqqyE7BLsc6CjIkRzxkEGqKklqJbhwh3UfarYw+1JGCkBpHDc 9du6yzYPYAoC+3RI8XN3LjgfPcHUhfzAGAx/VW3SW2wax4iFN9Sl5XOZqKHYGPlGuxXi dPB5FFY+8yKDIMZruDpJZIS1+pjNbVJVr+wSauhNfWAOjeAVw5rpxeqCl655GRriAh+x hgHw==
X-Gm-Message-State: AOJu0YxVlkGhdrfEbjteowVOiUUFC+QzEV3/owrr0bCGfPsdRa16nzLh t1XghuDovXeRIS7RnGGtA2ia9mGEmEepATBsZiRsjDyuT1/WransoHU=
X-Google-Smtp-Source: AGHT+IHb8yYPDkK1LlendIvDAMAEFoGsFJVGiHwcRmxw1D62Spj1HS1nUNiQ6Ckaw3D8Aorqj5rda6FyioEyfqrN53A=
X-Received: by 2002:a17:90a:bd91:b0:268:a691:412f with SMTP id z17-20020a17090abd9100b00268a691412fmr5513350pjr.39.1691979618307; Sun, 13 Aug 2023 19:20:18 -0700 (PDT)
MIME-Version: 1.0
References: <5f94a895-f57b-564d-a646-a7c605c95c74@taugh.com>
In-Reply-To: <5f94a895-f57b-564d-a646-a7c605c95c74@taugh.com>
From: Mark Alley <mark.alley@tekmarc.com>
Date: Sun, 13 Aug 2023 21:20:07 -0500
Message-ID: <CAP1hoySFwr1z3gmSPLTi9aTZOVtpweHjrLdFcpWKPOdUX41p=A@mail.gmail.com>
To: John R Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001de4050602d8b48f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/141G95QSHpgg0g5dhgD_Az7wrgE>
Subject: Re: [dmarc-ietf] New Version Notification for draft-levine-dmarc-listugh-00.txt (fwd)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2023 02:20:23 -0000

+1 It looks good to me.

Just a side note on the ARC section - from a consumer's point of view,
several mail systems and filters today do have the option for ARC overrides
on DMARC failure.

Many come pre-configured with trusted sealer domains (most are loosely
based on the ARC GitHub community sealers list).

Others, such as Microsoft 365 and others, provide an administrator DMARC
failure override capability via ARC, but relegate the sealer trust for the
DMARC fail override feature entirely to the customer with no pre-configured
(known reputable) sealer trusts.

So, an M365 administrator not only has to understand what ARC is, and how
to make it useful, but also who to trust based on their own interpretation
of a sealer's reputation, which, as we already know, not all receivers and
operators have exhaustive data points of which to make this determination,
nor the processes or resources to do so.

Most of these admins/operators (especially in the case of a service like
M365) are usually consumers utilizing the service with cursory knowledge of
the inner workings of email authentication, which only compounds the
problem of ARC's effectiveness and adoption within similar services when
the protocol is used this way.

-Mark Alley

On Sun, Aug 13, 2023, 4:25 PM John R Levine <johnl@taugh.com> wrote:

> At the S.F. meeting I said I'd write a draft describing the problems that
> DMARC causes for lists and forwarders.  Take a look, let me know what I
> got wrong.
>
> ---------- Forwarded message ----------
> Date: Sun, 13 Aug 2023 17:23:52
> From: internet-drafts@ietf.org
> To: John Levine <standards@standcore.com>
> Subject: [standcore.com-standards] New Version Notification for
>      draft-levine-dmarc-listugh-00.txt
>
>
> A new version of I-D, draft-levine-dmarc-listugh-00.txt
> has been successfully submitted by John Levine and posted to the
> IETF repository.
>
> Name:           draft-levine-dmarc-listugh
> Revision:       00
> Title:          Mailing lists and mail forwarders vs. DMARC
> Document date:  2023-08-13
> Group:          Individual Submission
> Pages:          7
> URL:
> https://www.ietf.org/archive/id/draft-levine-dmarc-listugh-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-levine-dmarc-listugh/
> Html:
> https://www.ietf.org/archive/id/draft-levine-dmarc-listugh-00.html
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-levine-dmarc-listugh
>
>
> Abstract:
>     DMARC introduced an authentication system intended to detect and
>     deter domain name impersonation in mail message From header fields.
>     Unfortunately, DMARC also has caused severe damage to mail forwarders
>     and discussion lists.  We describe the damage and some of the
>     workarounds.
>
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
>
>

v2.23.0 | Report a Bug | By Email