IETF Logo Mail Archive

Re: [dmarc-ietf] Signaling MLMs

Dotzero <dotzero@gmail.com> Fri, 14 April 2023 23:31 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8748C151531 for <dmarc@ietfa.amsl.com>; Fri, 14 Apr 2023 16:31:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kFlPem5RFuem for <dmarc@ietfa.amsl.com>; Fri, 14 Apr 2023 16:31:26 -0700 (PDT)
Received: from mail-ua1-x931.google.com (mail-ua1-x931.google.com [IPv6:2607:f8b0:4864:20::931]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0550C151539 for <dmarc@ietf.org>; Fri, 14 Apr 2023 16:31:26 -0700 (PDT)
Received: by mail-ua1-x931.google.com with SMTP id x12so6292406ual.10 for <dmarc@ietf.org>; Fri, 14 Apr 2023 16:31:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681515085; x=1684107085; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=n95SOIYUkMen40kPnGfdzi4yGf/Em7COdop3PBfv1IU=; b=dKB0NN810+wMGzAXGzvYyspVmc0oKOMtvCicrVea+hjDEXaqp3OU8/HiMhpk/c7V8/ /VtHhdCOAUnZgK5FqLP2UFuKTSLpGMAi2sX9zlfqPEQpj6A5KhMDmKV2BtIz/+YkhEzD mew1vr3fnbhQYN7Zw7hA+v4od8yVGfE1KQE/wssxyqESHq358w1UUqLjJZahra8rlX/j +ln4j31PkVYf6ccBaQW3PqLpY5VBLoPOYGmlz7UHZ8XOkphgW74YJk2KL6+0cbyZ85E+ 2NiC34YdIkg8yySIzHCjK7Yzzoryc7uoVf+5zSIVDJ/LiLnqKHGM3tIEsVapXgha3AcR mHGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681515085; x=1684107085; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=n95SOIYUkMen40kPnGfdzi4yGf/Em7COdop3PBfv1IU=; b=M0gDyObgg8lNzulQ2Ej+xQlPHnXhEdpqUt5XQ5/VE+GOFOoJCqMG0YWZeQhtX43/7u rIwxSb8FV/26LbdwVmWIcHP1ePHLCGWYKzbup2bVX5tch4VydHpkNfyZeX+ZaJk2HhM7 0LxXJ2TJE32A9Nusip+Jh0M2iBW+09n7chGJK/U9H8li4Yb5WwhYVkLhUn0KD+DxbnR3 Ut3spqx81gfMOhtCD4mns+2tLf/yrTP3Rcbp4/cbRVP/debIWGHgTq67YlWGoi9+b7Rx PBcnZzsW9P06UHhWrvTIQ5+7KVr3LghcGlr9BvuJJhmMOtUVhltKsrgSYi2dj1LcD6J0 6VVg==
X-Gm-Message-State: AAQBX9d0zXOhXBu6WoKyRnzCO/Xw/zMJcY/ESIHj4IjVI2nqFPThatKr 628sQEj68mKuhXf99jt9OBtzaijLkbZCA7hSyLqq+jzJ
X-Google-Smtp-Source: AKy350YSfgYISbyZ3uoIJtMXaop/vCHjCY1oM1uJn7QpZ81RhIN25JQkG+Tb9F9TFYwUIcoGUsRsLdV3RAnzEioLN/s=
X-Received: by 2002:ab0:31d8:0:b0:76e:7dd0:43b9 with SMTP id e24-20020ab031d8000000b0076e7dd043b9mr4331195uan.1.1681515085172; Fri, 14 Apr 2023 16:31:25 -0700 (PDT)
MIME-Version: 1.0
References: <CAL0qLwZc2X7tyP+_8vvL3Yb7uJk6td3XGbsXUB68BNUEMhV4yQ@mail.gmail.com> <8d970e6b-8fa7-da85-5c47-d485abbc43be@crash.com> <CAL0qLwZJjBq0T8kODJifTT10ttJJE2Bof5kJZACRTwyauzwQ6A@mail.gmail.com> <CAJ4XoYcHeFe0kS9QHz4fP5TbOMOiW8mJaiNYx+Yk8keZYW-yDQ@mail.gmail.com> <b6a2b444-de02-9833-fe7b-fc9ad542f900@tana.it> <CAL0qLwYwcXTBzqd=3sKwtZJUsEYO5kfv9V-CZtVHz2TQ78v=0g@mail.gmail.com> <909C826B-2745-4BE8-AD16-920E6DE86D1C@kitterman.com> <329db752-fdeb-7633-ede1-06e435db1c0e@tana.it> <CAL0qLwa=cA7426zgNJQFDBBqOKA6KXyBGAE4TOy=C+c9+JUY3A@mail.gmail.com> <168596BD-B688-4AF6-87E8-B25F9D2BD663@isdg.net> <CAH48Zfx0yXefioHoQi_Jq6hbMotcQZsDAhD5cXuBTRSxn2wXbA@mail.gmail.com> <C134972F-EAEA-4FA4-B65A-24B53338E5DD@isdg.net>
In-Reply-To: <C134972F-EAEA-4FA4-B65A-24B53338E5DD@isdg.net>
From: Dotzero <dotzero@gmail.com>
Date: Fri, 14 Apr 2023 19:31:13 -0400
Message-ID: <CAJ4XoYf4Oac61J41FaSi4PCNwpFiOhWm90TwasNvrp91yeW1UQ@mail.gmail.com>
To: Hector Santos <hsantos=40isdg.net@dmarc.ietf.org>
Cc: Douglas Foster <dougfoster.emailstandards@gmail.com>, "Murray S. Kucherawy" <superuser@gmail.com>, Alessandro Vesely <vesely@tana.it>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000056163f05f9543d44"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/1nK3BbHyAX8OSBMGj4w87IvhNTA>
Subject: Re: [dmarc-ietf] Signaling MLMs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2023 23:31:30 -0000

On Fri, Apr 14, 2023 at 5:55 PM Hector Santos <hsantos=
40isdg.net@dmarc.ietf.org> wrote:

> Yes, it is simple DeMorgan’s Theorem where you use short-circuiting logic.
>
> DMARC says that any FAIL calculated via SPF or DKIM is an overall DMARC
> failure.  In standard boolean logic is it an OR condition:
>
> IF SPF FAILS or DKIM FAILS Then Reject.
>

You have it absolutely backwards.

DMARC says if either (aligned) SPF validates or (aligned) DKIM validates,
it passes.

Michael Hammer


> On Apr 14, 2023, at 5:44 PM, Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
> Hector, it sounds like you are saying that SPF is all we need, so scrap
> DMARC.   If it is something else please clarify.
>
> Doug
>
> On Fri, Apr 14, 2023, 4:44 PM Hector Santos <hsantos=
> 40isdg.net@dmarc.ietf.org> wrote:
>
>>
>>
>> On Apr 14, 2023, at 3:20 PM, Murray S. Kucherawy <superuser@gmail.com>
>> wrote:
>>
>> On Fri, Apr 14, 2023 at 10:20 AM Alessandro Vesely <vesely@tana.it>
>> wrote:
>>
>>> On Fri 14/Apr/2023 15:47:12 +0200 Scott Kitterman wrote:
>>> > On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy" <
>>> superuser@gmail.com> wrote:
>>> >> On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely <vesely@tana.it>
>>> wrote:
>>> >>
>>> >>> Heck, MLMs should start rejecting messages sent from domains that
>>> publish a
>>> >>> blocking policy *when they fail authentication on entry*!!
>>> >>
>>> >> That's not enough to avoid the damage we're talking about.
>>>
>>> Agreed.  Yet, it is a sane half-way between crazy rejecting always and
>>> completely ignoring ABUSE.
>>>
>>
>> Both DKIM (certainly) and SPF (I'm pretty sure) advocate against
>> rejection of messages merely because they fail authentication on ingress.
>>
>>
>> And respectfully, SPF always had a strong reject, hard fail policy
>> concept since it's LMAP R&D upbringing — immediate rejection, 55z rejection
>> code.
>>
>> Why Not?  It was optimized.  It served a purpose to address spoofs.
>> Partial, Neutral and Unknown results were possible. That was suppose to be
>> feed to a heuristics, highly subjective Reputation Engine. After exactly 20
>> years of data, SPF rejection rate is 6.3% of the incoming rejection
>> reasons. https://winserver.com/public/spamstats.wct
>>
>> I agree there are better solutions, but they're not yet developed.  As
>>> ugly as
>>> it may be, From: munging is the emerged solution.  It is a _fact_.  Now
>>> repeat
>>> again that the IETF standardized facts, not theories...
>>>
>>
>> Let's put the challenge back on you: Where's your evidence that From
>> munging is the emerged consensus solution that this working group should
>> standardize?  Where is this _fact_?  If we advance that as a Proposed
>> Standard, the community will quite reasonably ask why we think this is
>> true, and we're going to need to be able to answer them.  If working group
>> consensus agrees, then away we go.
>>
>>
>> As much as I am an original mail engineering purest (anyone here ever
>> work with Fidonet?) and therefore consider it to be a fundamental taboo to
>> destroy originating copyrighted authorship of anything, the MLS/MLM needs
>> to evolve to handle the various 1::many broadcasting distributions under a
>> new security umbrella.
>>
>> Because the current DMARCbis umbrella ist not providing 100% coverage,
>> for the MLS./MLM, it needs to do one of two things;  restrict
>> subscription/submissions or strip the security and rewrite the copyrighting
>> authorship, perpetuating a potential harm including legal.
>>
>> The latter is not preferred.  The former would be normal part of a
>> protocol complete algorithm. You would do the former always.  It’s the
>> easiest.  No need to modify the MLS.  Just the MLM low code provisional
>> scripts.
>>
>> —
>> HLS
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email