Re: [dmarc-ietf] There is no pony, Overall last-call comments on DMARC
"John R. Levine" <johnl@iecc.com> Thu, 04 April 2024 21:10 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E124C180B79 for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 14:10:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ev64aNB0HNc5 for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 14:10:17 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B62FC15154A for <dmarc@ietf.org>; Thu, 4 Apr 2024 14:10:16 -0700 (PDT)
Received: (qmail 45315 invoked from network); 4 Apr 2024 21:10:14 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding; s=b0fc660f1736.k2404; bh=cwLHIvPCpkTpEh7xkjU+8pm742CKnwcN+pGvDa8ntzs=; b=wd82KwkMcAqFHclWqqBKNn0pFtRLlNoPeV/yjsB2vlGdkJnySXrM0Qhl8E1bJFMZN2fxjuiYgVA7Q1W1KAdJldt7x/AB5M6SLPufre0W2YMYuV29N7vXzlRgsCkXRHpl9T9lnyLG5YUBPyLzVcrEGtq3KqF++HOgg+7mW180Udt0Bnc2Py9JjTUKgnZyNSDBwdaY6sih49ZdioK3CiF8AKyMti9NFh33pzfcRwUe4ZrhlFu9QDc28LNVSPMWue2lfvIhrxDhSbZzA7C0ylUq//9Em7ByWq2N+C1NmVVC2TiOcSMVp9tgDxJhiEcqpdYvGQAoE8rQI2n70lMhJ6pWGw==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA CHACHA20-POLY1305 AEAD) via TCP6; 04 Apr 2024 21:10:14 -0000
Received: by ary.qy (Postfix, from userid 501) id 1F3B486E4F7B; Thu, 4 Apr 2024 17:10:13 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by ary.qy (Postfix) with ESMTP id DFC9086E4F5D; Thu, 4 Apr 2024 17:10:13 -0400 (EDT)
Date: Thu, 04 Apr 2024 17:10:13 -0400
Message-ID: <4dc1f24e-762b-5915-ea1f-5693660b6aca@iecc.com>
From: "John R. Levine" <johnl@iecc.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: IETF DMARC WG <dmarc@ietf.org>
X-X-Sender: johnl@ary.qy
In-Reply-To: <FCABED32-40FB-4BD7-AC53-718D10685F71@bluepopcorn.net>
References: <CFEA2796-9213-4847-836B-81E8770973F5@bluepopcorn.net> <49859572-18a4-483b-bb99-62c1c231896e@tana.it> <CAL0qLwZc6idmMra11pVx2bbtk2Em9-vy6+962M7jDWOMnP+UHQ@mail.gmail.com> <1ee6df39-a622-4060-83db-bcc9a7a835d4@tana.it> <CAL0qLwYX_D7S_-Vn9RwwRzwyNO=8=3UVqbP8rz3SCWG4dvGZig@mail.gmail.com> <f5f55a39-127d-4a84-a66b-950379ecb013@tana.it> <CAL0qLwZzfnDA=7bwCu26S1SJPEE3hBq929674hH6naKXWuyh5g@mail.gmail.com> <ebf343ed-ee60-47b0-a02f-8518a8369bb0@tana.it> <CAL0qLwagtzjYYJmyyGpMeMTtKLtYyk_JjagkXGtscvN61kSDbw@mail.gmail.com> <CAH48ZfyKE6n2Q_GfW8oZv9y=MxOBV8sRPPMPV8akHdu6W_jn1A@mail.gmail.com> <CAL0qLwbt7A-9dUGphs5KLUhygYEd+4aY4Jr10efKpHZXAqMfmA@mail.gmail.com> <CAJ4XoYc5HYHE0EGhFw9jef3JXPQ5HKdUoZf8RD+YqzepHsWFmA@mail.gmail.com> <CAL0qLwbUzscPbk1mGj-c9fPYtMu+0VmMOm1KR4sGOrY6xapCCA@mail.gmail.com> <80DC41F0-7AF9-4C08-9374-37626FCA2BB3@bluepopcorn.net> <4690f524-73a4-a549-12c5-a0744ccf2c94@iecc.com> <FCABED32-40FB-4BD7-AC53-718D10685F71@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/2ZnlgdsKx7Yj_xSXi9znBoymteM>
Subject: Re: [dmarc-ietf] There is no pony, Overall last-call comments on DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 21:10:21 -0000
>> No might about it -- ARC is only useful with domain reputation. Of course, DKIM is only useful with domain reputation, as were Domainkeys and IIM, so I don't see why it's a problem now. > > Much of the objective of DomainKeys/IIM/DKIM was to provide a reliable > domain identifier that could be used by a reputation system. They > avoided saying that they were doing anything about spam and phishing. > OTOH, DMARC is explicitly saying that it’s there to do something about > phishing. It was totally obvious at the time what DKIM was intended for, so I don't think that's likely to be persuasive. In practice, ARC isn't that bad. IF you're a really big mail system you can collect your own repuations, if you're not so big your users probably subscribe to few enough legit ARC signers that you can manually whitelist them. On my system I think there's about five. It's not like the general spam problem where you have a zillion new identifiers every day most of which are spam but a few are not. >> Our choices are to say here's what DMARC does, it has these problems, here's how to use it for the situations where it works, here's how to sort of mitigate the ones where it doesn't. Or we can stamp our feet and say DMARC is BAD and we will not endorse it and NOBODY should use it, and the rest of the mail world will say isn't that cute, the IETF is having a tantrum. > > Or we can say that it’s not ready for standards track yet. The only time I can think of in this space that we have stamped our feet and said something is BAD was with ADSP. But I am troubled by the mandatory requirements imposed by organizations citing an informational RFC, RFC 7489. It makes it seem like standards track doesn’t mean as much as it should. Well, ADSP actually was bad, and DMARC has reinvented much of what was bad about it, but unlike ADSP, it's used by every significant mail system in the world so we're stuck with it. I have heard somewhere that successful standards document actual practice even if the practice is not ideal. It's up to us, we can say nope, not a standard, and people will use it as a standard, or we can say it's not great but here's the standard, and they will use it as a standard. I know which one I'd do. R's, John
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- [dmarc-ietf] Overall last-call comments on DMARC Jim Fenton
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Standards Track? Yes or No. Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… John R. Levine
- Re: [dmarc-ietf] Standards Track? Yes or No. Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Dotzero
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Jim Fenton
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Tero Kivinen
- Re: [dmarc-ietf] There is no pony, Overall last-c… John R. Levine
- Re: [dmarc-ietf] There is no pony, Overall last-c… Jim Fenton
- Re: [dmarc-ietf] There is no pony, Overall last-c… John R. Levine
- Re: [dmarc-ietf] There is no pony, Overall last-c… Hector Santos
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Neil Anuskiewicz