Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

David Verdin <david.verdin@renater.fr> Tue, 20 June 2023 08:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/2q7RqR-4ia7LhBb7r3cty9J5Cig>

Dear all,

On the other hand, for a hosting company, implementing SPF is just a 
matter of knowing where the emails are supposed to be sent from. You 
don't have anything to install on the outgoing mail servers to DKIM-sign.

And with the "include" mechanism, it is very easy to maintain an 
up-to-date SPF record, even if you have a very large number of 
customers: you only have one single record to maintain, which is not hard.

In addition, I'd hope to encourage any organization, including hosting 
companies, to know where their mail is supposed to be sent from. It 
looks like a minimum security knowledge to me.

Regards,

David

On 18/06/2023 23:06, Ken Simpson wrote:
> On Sun, Jun 18, 2023 at 10:56 AM Douglas Foster 
> <dougfoster.emailstandards@gmail.com> wrote:
>
>     I suspect that many domain owners have not considered the
>     possibility of using DKIM with SPF NONE.
>
>     Then there is the concern about evaluators that understand SPF but
>     do not understand DMARC.   Do they treat SPF NONE as acceptable or
>     suspicious?
>
>     For your situation Ken, do your clients have the ability to
>     connect their web-generated email to a DKIM signing server?   If
>     not, do you envision providing that service (with SPF AUTH login
>     to ensure clients are kept separate from each other)?
>
>
> Most web hosting customers are simple SMBs - think restaurants, small 
> shops, a car garage, etc. They have no idea what DKIM is, never mind 
> having access to a DKIM signing server. The hosting provider has to 
> hook up everything for them and presumably, with enough encouragement, 
> we could eventually get hosting companies to implement DKIM signing 
> for their customers. That is not the case today.
>
> Some transactional email providers provide a DKIM signing service with 
> CNAME-based DKIM key hosting. That's a great concept and we may one 
> day provide it with an API hook allowing the hosting providers to hook 
> this up for their clients at scale.
>
> Regards,
> Ken
> -- 
>
> Ken Simpson
>
> CEO, MailChannels 

-- 
"Better to aim for perfection and miss it than to aim for mediocrity and achieve it."
- Francis Blanche

David Verdin
Collaborative Project Manager
Département PROduits NUMériques
Direction des Services Applicatifs
RENATER - Rennes
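
The "include" arrangement described in the message above, as an added example that is not part of the original post or of any project's code: a reduced SPF evaluator (ip4, include and all only) run over a constructed zone, showing that a change to the hoster's single record reaches every customer domain. All domain names and addresses are assumptions taken from documentation ranges.

```python
import ipaddress

# Constructed TXT data; names and addresses are illustrative assumptions.
ZONE = {
    "_spf.hoster.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "restaurant.example": "v=spf1 include:_spf.hoster.example -all",
    "garage.example": "v=spf1 include:_spf.hoster.example -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on terms that trigger DNS queries


def check_host(ip, domain, zone, budget=None):
    """Evaluate the ip4/include/all subset of SPF; returns a result string."""
    budget = [MAX_LOOKUPS] if budget is None else budget
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # too many lookups, e.g. an include loop
            inner = check_host(ip, term[8:], zone, budget)
            if inner in ("none", "permerror"):
                return "permerror"  # a broken include breaks the whole record
            matched = inner == "pass"  # fail/softfail/neutral: keep evaluating
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def after_hoster_adds_range(new_cidr):
    """Copy of ZONE in which only the hoster's own record gained a range."""
    zone = dict(ZONE)
    zone["_spf.hoster.example"] = f"v=spf1 ip4:192.0.2.0/24 ip4:{new_cidr} -all"
    return zone
```

The same property cuts the other way: a customer record that includes a name the hoster later deletes evaluates to permerror rather than fail.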