IETF Logo Mail Archive

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

Alessandro Vesely <vesely@tana.it> Sat, 15 April 2023 11:29 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 240E0C14CE5D for <dmarc@ietfa.amsl.com>; Sat, 15 Apr 2023 04:29:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=tana.it header.b="W0xQU7nt"; dkim=pass (1152-bit key) header.d=tana.it header.b="C26aRloU"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ue9o3d1Q_p-4 for <dmarc@ietfa.amsl.com>; Sat, 15 Apr 2023 04:29:36 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [94.198.96.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E740C14CF0C for <dmarc@ietf.org>; Sat, 15 Apr 2023 04:29:31 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=tana.it; s=epsilon; t=1681558166; bh=dMd1T5fqMFHIpHDQS94b6VElpkjVeurL3pmoJknoLWc=; h=Author:Date:Subject:To:References:From:In-Reply-To; b=W0xQU7ntoblj7xKpo4jLKRjbOP4YrthZRswZSMGWeWiFNfBuAkACwf4i7ldiip7BU 6mp5q42c/QAg/BZr2uRDg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1681558166; bh=dMd1T5fqMFHIpHDQS94b6VElpkjVeurL3pmoJknoLWc=; h=Date:Subject:To:References:From:In-Reply-To; b=C26aRloUyVAWjZm7vvPXlAony9wvZphtP92c6A8w2ISqYFUkBWqqb5jG6E5Jq8fs3 doaHE/kcHq2hM7FvX02EOADBDKhtvVmcJZkX8oOu6m+RSDJMJ4pr589b57Pyn5+KqM WmHONdFIGR0PwHCzIDfdRaCZhjbJCvsavSyVzLN5Pnpg0u1F7eZR/gowouTde
Original-Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0DD.00000000643A8A96.0000296E; Sat, 15 Apr 2023 13:29:26 +0200
Message-ID: <a079686b-2e9b-8f8f-f702-d06ae721e8e3@tana.it>
Date: Sat, 15 Apr 2023 13:29:26 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0
Content-Language: en-US, it-IT
To: dmarc@ietf.org
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <13603D87-4FDE-4768-9712-E6DB0818C802@kitterman.com> <CALaySJLY-9O1Wauk50WMMobNs3cKUzmB+=np080nYCHEZa32UA@mail.gmail.com> <3129648.WqDQmVRvLn@localhost> <CAJ4XoYe3Z8=G8H6hQFuiMMwfZQt1JvLpK3bQmrtGCz=b-w=CJA@mail.gmail.com> <86E22FA6-759F-40F3-AEA3-119EE90F64A0@kitterman.com> <80086446-effa-7ee2-91c7-1f44449d92fb@tekmarc.com> <CAL0qLwaKO5A_OSjod00msw+8EALOUqYzeXb_aPjVhQ2R1wZKJg@mail.gmail.com> <def03c2f-25ec-d3f1-1ea5-678b16369f61@tana.it> <8D2F4B6A-2E72-4763-8B1F-719236B21D1E@wordtothewise.com> <CAH48ZfxP3F0jueQwsFyXBUojQryO2NOhCZzKxbLiZMHW3h10Zg@mail.gmail.com> <5ABFFAF7-4B03-4CCC-81C2-303A6B6F506E@wordtothewise.com> <f5a510b6-553c-e07c-c249-03a68c3cc60e@tana.it> <899E29E9-71E0-49DC-A3C4-746766C7EC67@wordtothewise.com> <CAJ4XoYftxv21D7mhXdRzg+f4Qo99Y=qcZ+eK5_PvPv62hVbM_A@mail.gmail.com>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <CAJ4XoYftxv21D7mhXdRzg+f4Qo99Y=qcZ+eK5_PvPv62hVbM_A@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/2nIZDDwvdWU_Sr1G2xwP2rPnZNY>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Apr 2023 11:29:43 -0000

On Fri 14/Apr/2023 21:36:54 +0200 Dotzero wrote:
> On Fri, Apr 14, 2023 at 2:00 PM Laura Atkins <laura@wordtothewise.com> wrote:
>> On 14 Apr 2023, at 18:38, Alessandro Vesely <vesely@tana.it> wrote:
>> On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote:
>>> On 12 Apr 2023, at 12:21, Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:
>>>> Any form of security creates inconvenience.
>>>>
>>>> Yes. And we make tradeoffs between that. In this case, the security is 
>>>> ensuring that users at specific domains can and should only send mail 
>>>> through approved channels managed by those domains. Many users have 
>>>> violated those security policies, by participating in mailing lists. This 
>>>> caused problems for other folks on the mailing lists - as they were the 
>>>> ones removed from the list due to the security policy. The lists responded 
>>>> by rewriting. This causes yet more inconvenience to other subscribers and, 
>>>> additionally, allows the users to bypass their domain security policy. 
>>>> I am not seeing how this creates an arena of security.
>>>
>>> Security is not From: munging.  That's the workaround that security 
>>> requires.
>>
>> No security (at least in the viewpoint of some people) is using a p=reject 
>> for mail from their domain. In that context, From: munging is actively 
>> subverting the security  settings of domains.


I guess the subversion you mean is that From: munging gets people used to see 
such kind of fake.  I agree that incongruity between display-phrase and actual 
address can be a security threat.  However, there are innocent forms of it.


>>>>> Based on the header rewriting done by IETF, I have a hard time seeing how 
>>>>> its rewrite of Comcast addresses can cause any of the problems that you 
>>>>> cite.
>>>>
>>>> That’s how the IETF rewrites, it’s not how everyone rewrites.
>>>
>>> Couldn't the IETF say how to rewrite?
>>>
>> There’s currently a deployed base where there are many different ways to 
>> munge. "It is a _fact_.”


Yes.  Yet, better munging can always be applied without altering functionalities.


>>>>> But does your domain require even headers to be rewritten?    Why doesn't
>>>>> IETF ask you, and omit rewrite if that is what your domain wants?
>>>>
>>>> Because that doesn’t scale for the IETF.
>>>
>>> Mailman options do scale.  From: rewriting is going to fade off by first 
>>> allowing single subscribers to disable it, for the posts directed to them, 
>>> after their MX set up some kind of agreement with the MLM. >>>
>> The _fact_ still remains that From: rewriting is actively subverting the 
>> security of domains that choose to publish p=reject.


I'd rather call it training readers on the significance of the display-phrase 
part of a From: line.  Phishermen will keep on exploiting it in any case.


>>>>> It is hard for me to cry over mailing lists when they cannot ensure that a 
>>>>> post comes from the asserted poster and they cannot adapt their DMARC 
>>>>> defenses to the preferences of the recipient domains.   Life is hard.   It 
>>>>> only gets harder if I wait for someone else to solve problems that I can 
>>>>> solve myself.
>>>>
>>>> I don’t understand how header rewriting ensures the authenticity of a 
>>>> poster. Given the data is being modified by the MLM, it seems to me that 
>>>> rewriting compounds the problem.
>>>
>>> It doesn't.  The authenticity should be checked on entry.  THIS IS ABUSE 
>>> post had dkim=fail by ietfa.amsl.com, but they didn't bother rejecting 
>>> for that, which is what they should have done.  We are suffering all the 
>>> damage caused by DMARC but don't enjoy any of the advantages it could bring.
>>>
>> I encourage you to think very hard about why, after more than a decade, we 
>> still don’t see any of the advantages to DMARC.


Didn't get that.   I'd guess that implementing DMARC wasn't a priority for IETF 
mailing lists.


> While the you part of "we" may not see any advantages, quite a few 
> financials, greeting card sites, retailers AND many receivers have seen the 
> advantages, including p=reject. One thing I've learned over the years is 
> that it is presumptuous to speak on behalf of "everyone" when you don't 
> actually have their authorization to speak on their behalf. It's kind of 
> like sending email claiming to be from someone else's domain without their 
> permission.


Michael obviously understood Laura's point better than me.  The only part I 
understood is that "we" are the ML subscribers.  We see no advantage because 
DMARC is not implemented on ietfa.amsl.com.

Oh, certainly until the only abusive messages we see are those straw men, there 
is no actual worry.  It's the principle...


Best
Ale
--

v2.23.0 | Report a Bug | By Email