Re: [dmarc-ietf] ARC vs reject

John R Levine <johnl@taugh.com> Sun, 06 December 2020 02:22 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B6133A0AC5 for <dmarc@ietfa.amsl.com>; Sat, 5 Dec 2020 18:22:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=MFTvTpSn; dkim=pass (2048-bit key) header.d=taugh.com header.b=hIAum9Hu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kzI_Pl5MCLO8 for <dmarc@ietfa.amsl.com>; Sat, 5 Dec 2020 18:22:22 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B1A53A0AC1 for <dmarc@ietf.org>; Sat, 5 Dec 2020 18:22:22 -0800 (PST)
Received: (qmail 36621 invoked from network); 6 Dec 2020 02:22:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=8f0b.5fcc405a.k2012; i=johnl-iecc.com@submit.iecc.com; bh=3pM/psxG7K7AiYMPlFKi3yCZCJuMnUWi5dI3n4DntMo=; b=MFTvTpSnXl9sk/00wRyTJcmDl5LRXJ/TuIXlNmLEwVAbZEDXj6G1h9YJ8LN+dgeXbVs2ywqXjN5yRs77K3HPb5fw0M21sbp/3pv6dRcwH1MeC8wNY46CXfAOYIMl7MDHTviZ/BJlhxmjJV4apdj9yilEe+ZNM8obgB3Gyte9h2/jU1icV+w5xecQnUNRIoXlyRWoWQ7nPxhS4QpV4alBD/jdCB4lmnYcrGJejLm+3WWXweM8NLGf1GBi/e/XE1APNJOkfCNEdE6DIB/GJ/TTZwqMVkGu6S1EFU048Fqn55JnAHI8ofyNlI6viawJWiB5yt6xgqy8RL68gOi66jibXg==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=8f0b.5fcc405a.k2012; olt=johnl-iecc.com@submit.iecc.com; bh=3pM/psxG7K7AiYMPlFKi3yCZCJuMnUWi5dI3n4DntMo=; b=hIAum9Hu3+eRjkXHlAbcAf8XqV+Ltv9LwJ7gKWsyhbZm99PXcIT3Kf5MLOtYOnLvVYyZBKUBta9a/9DRoaJsDHm8KRCUrSPbehKXRw4KsBiAhUctqVqbtcdp3kNuOGYlPwLWmrinhSaynMxUx2LMBhrrVjL6j3JAfJTlcjknw3Ts+4BKF+Sg4yOmSwmhzDFX9InAKQAIUz7g6j2Zkb0lP+fzRkvpE3YAx5CCWpwZ/jA/IU1qjHRse7/1keWAGSQTa+KU6fRP8EEmF57pA9iR6+6NorarESg44MTGQF+nPEfUmkA+YSfVb/Y99lHsu8Yn8m1/F87R+XeswwUzsoDCUg==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 06 Dec 2020 02:22:18 -0000
Date: 5 Dec 2020 21:22:18 -0500
Message-ID: <9c23d850-4164-1320-1c25-40554c1f64b@taugh.com>
From: "John R Levine" <johnl@taugh.com>
To: "Jim Fenton" <fenton@bluepopcorn.net>
Cc: dmarc@ietf.org
In-Reply-To: <28759E60-3A00-4D25-9490-34495B96EE10@bluepopcorn.net>
References: <20201205210351.DB78E2904420@ary.qy> <28759E60-3A00-4D25-9490-34495B96EE10@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-853666523-1607221338=:46099"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/1yvwigue1xL_z8efiakehJ33tf4>
Subject: Re: [dmarc-ietf] ARC vs reject
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2020 02:22:24 -0000

> If a domain publishes p=reject, they’re requesting particular handling of a 
> message they originate. ARC modifies that, which is good for mailing lists 
> and similar intermediaries, but depends on a list of trusted intermediaries 
> that is not under the control of the originating domain. That increases the 
> attack surface for DMARC considerably.

Not if the recipients use ARC reasonably, e.g., only on mail from hosts 
with a history of not sending botware, use it to see whether a message was 
originally aligned.  Anyone who misuses ARC is going to have worse spam 
leakage than anyone can fix for them.

> The question I have is: Should DMARC have a policy (or policy modifier) that 
> says, “Do not accept modifications to this message?” In other words, that the 
> originator values the integrity of their messages over deliverability.

Of course not.  That's just the tiny gorillas stamping their teensy feet. 
Why would anyone expect that the people publishing that flag actually 
understood what it meant?  Many will just turn it on because someone said 
it's "more secure."

A lot of this boils down to what if some entity sends signed valid DMARC 
aligned mail but somehow doesn't mean it, e.g., an internal policy says no 
mailing lists but their users participate in lists anyway.  If they can't 
control their own mail system, it is not anyone else's job to do it for 
them.

R's,
John