IETF Logo Mail Archive

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

Dotzero <dotzero@gmail.com> Thu, 13 April 2023 16:11 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FF95C151543 for <dmarc@ietfa.amsl.com>; Thu, 13 Apr 2023 09:11:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hODMl834geHL for <dmarc@ietfa.amsl.com>; Thu, 13 Apr 2023 09:11:21 -0700 (PDT)
Received: from mail-ua1-x92f.google.com (mail-ua1-x92f.google.com [IPv6:2607:f8b0:4864:20::92f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4635C14CEFD for <dmarc@ietf.org>; Thu, 13 Apr 2023 09:11:21 -0700 (PDT)
Received: by mail-ua1-x92f.google.com with SMTP id p91so23992684uap.1 for <dmarc@ietf.org>; Thu, 13 Apr 2023 09:11:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681402280; x=1683994280; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5Pq6C7tS3t8TX2TqWh2fruRWlTv7ogkMWOmn+xCGTMU=; b=FjKh2bEO5sdsrrspVc2NZS1ekhvd7xebiQx6WX7RUzXtaLlgmDwaoq4yXNd7vmOuUB Qm+OZY/wpIwQkX/Fyo4KKIgGeFshaWtKRG7nsPueJb5ObmDe2fClGus7wTf5Ey1Tx1Da mj5m408BNe4YMVWCqf5Y3qZUXe8ZT1gYoFqGJy+HC6yDEJtpji0do01ixnViyT6XhBVN 0+sSqn9riQve+lUHIiu0C17I20D7pRNHgCgAnN3ot22PQ/U2hIwdkkL0yETE1YjA3qmf Ohb3UYKzcd62ehp64nEQdwFiQ88uN8gff6FaSsVUXTwf07rdQRN7acrCpkMv6W9ZgfOg mnfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681402280; x=1683994280; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5Pq6C7tS3t8TX2TqWh2fruRWlTv7ogkMWOmn+xCGTMU=; b=BfxsIIJAQrJ4BY5z8nqrROcz71Zf8TAXOy2xobH8EHdPLEwbc9WOHUgestAMBJ5lBs vAC8/DKqjXTqC5bsKnaBzTuwn+14h9PY3EAWCuU02u6dfIfkfSZbVMl9Jj4WpPzY0FAB vzVj6HCcin5eTfqEsuc1jCQLsEu+OP/MHH8QdQXqKWyKSyPNziN3oTXCjsIc294Gt8UA XcbiQnuj+7d30neYB05mEa+89ITlOoDHI5PZ5KHB/gSWGVjLaO+Exf0QnBSHzlYxbE+X U0epbQ6fXV89eOt0a5MVUCTRFFkLdd2aoOxCZm2O0bFypVGYlylu7o2ZBysqhKiJM8AK Cgcw==
X-Gm-Message-State: AAQBX9f9QddgeH4KR8FiPAk7KBkcuKmgHYRSPyQJvsi8bRzxudh5Ddjf oBsSjOFT8+YICbyAX+BWbk1f/BpooaoWtKBLqyk=
X-Google-Smtp-Source: AKy350aDfHXFAGPsVSqDuksNgpgB13LRmJN+X3JQeGCHCp89Liub+9HbLxvyg9Fu9BlY9EYftt8eVshGYycXdkXLpZs=
X-Received: by 2002:a1f:a154:0:b0:43b:6f57:4a00 with SMTP id k81-20020a1fa154000000b0043b6f574a00mr1239877vke.3.1681402280623; Thu, 13 Apr 2023 09:11:20 -0700 (PDT)
MIME-Version: 1.0
References: <20230408135613.C3E1CBC81C2A@ary.qy> <48D13F81-6022-45F8-AE56-20474E68BAA1@marmot-tech.com> <A6AAF170-BE18-4713-A2E0-A6E070FBD1F7@kitterman.com> <MN2PR11MB4351E287D89465D328A9F14DF79B9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAL0qLwbP-Ui2D7NAcLuaT-2HjAmPO3z-KGNCGvjTLDJYMJXEog@mail.gmail.com> <CAL0qLwYnQ8Zuy8+w8ie-0O6+9YiPmPxcrQo_CozO_C9GLWCW8Q@mail.gmail.com> <MN2PR11MB435110CFCCA9A6F54A92ECE3F79B9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAL0qLwYDdEWaMb6+7Srtj=1v-07-v8WNe+DpvpVHHcqncAuyDA@mail.gmail.com>
In-Reply-To: <CAL0qLwYDdEWaMb6+7Srtj=1v-07-v8WNe+DpvpVHHcqncAuyDA@mail.gmail.com>
From: Dotzero <dotzero@gmail.com>
Date: Thu, 13 Apr 2023 12:11:09 -0400
Message-ID: <CAJ4XoYf77SRJpOBmytvX7z_qn15XCZuYfZbkhoN_B_85Fms+Vg@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: "Brotman, Alex" <Alex_Brotman@comcast.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a9424c05f939f95a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/32u2pU9rCEIHK_xxn2ic89M5ln0>
Subject: Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2023 16:11:22 -0000

On Wed, Apr 12, 2023 at 1:57 PM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Wed, Apr 12, 2023 at 8:27 AM Brotman, Alex <Alex_Brotman@comcast.com>
> wrote:
>
>> In the case of DNSSEC, my ISP is the intermediary utilizing DNSSEC, and
>> the website signs records via DNSSEC.  The website I want to go to breaks
>> their DNSSEC.  My ISP cannot retrieve a record to return to my browser that
>> can be used.  A is the browser, B is the website, C is the ISP DNS platform.
>>
>>
>>
>> I understand your point, though I think mine still has reasonable merit.
>> I understand the charter is to resolve the interoperability between
>> indirect mail and p=reject.  I’m just not sure I see an intersection of
>> “fix indirect email” and “p=reject”.
>>
>
> I see what you're getting at, but I don't think they're comparable.  There
> are a few main differences:
>
> 1) DMARC is a surprise to some actors.  The intermediary in DMARC doesn't
> know that it's suddenly contributing to a problem.  In the DNSSEC example,
> the ISP DNS platform knows it's participating; it is, after all, a
> DNSSEC-aware resolver.  In DMARC, suddenly MLMs around the world have to
> change what they're doing and don't know they're part of a new problem.
>

If DMARC is a surprise to "some actors" today, they clearly haven't been
paying attention. It was first publicly published (not through IETF) in
2011. With regard to MLMs and forwarders, the wake up call would/should
have been in 2014 when AOL, !Yahoo and other domains with lots of users
started publishing p=reject policies. I'm not commenting on other aspects
of the discussion, only your belief that in this day and age, DMARC is a
surprise to anyone.

Michael Hammer

v2.23.0 | Report a Bug | By Email