Re: [dmarc-ietf] Ticket #1 - SPF alignment

Douglas Foster <dougfoster.emailstandards@gmail.com> Sun, 31 January 2021 00:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/36-pq7dmdMdlfrGGlfKimL5eaIk>

Anything can be gamed if it is trusted without verification. But verifiable
data is hard to game. If you ensure that HELO can be forward confirmed
before considering it trusted, how is it risky?


On Sat, Jan 30, 2021, 5:45 PM Michael Thomas <mike@mtcc.com> wrote:

>
> On 1/30/21 2:09 PM, John R Levine wrote:
> > On Sat, 30 Jan 2021, Jim Fenton wrote:
> >>> Part of the problem here is that DMARC generally sits on top of an
> >>> SPF library which doesn't tell you how it got its result.  My DMARC
> >>> code just calls the SPF library and uses the result.  I suppose I
> >>> could put in a hack to say don't use the SPF result if the MAIL FROM
> >>> is null, but I don't think that's what 7489 says.
> >>
> >> Are changes to 7489 off the table here? I didn’t know.
> >
> > They are certainly possible, but I would want a good reason.  At this
> > point, SPF using HELO seems harmless so I don't see a reason to
> > disallow it.
> >
> >
> From a security standpoint, I wonder why you would want to allow
> something you know can be gamed. But that is probably more a question
> for SPF itself.
>
> Mike
>
>
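
Added example, not part of the original message or of any SPF/DMARC library: a sketch of the forward-confirmation check suggested above, applied to the null MAIL FROM case raised in the quoted discussion. The function names, the injected resolver and the constructed DNS data are assumptions made for illustration, and the gating policy is the one proposed in this message, not a requirement of RFC 7489.

```python
import ipaddress
import socket

# Constructed DNS data (documentation ranges), so the example runs offline.
CONSTRUCTED_DNS = {"mail.example.org": {"192.0.2.10", "2001:db8::10"}}

def fake_resolver(name):
    return CONSTRUCTED_DNS.get(name, set())

def system_resolver(name):
    """A/AAAA lookup through the system resolver (used outside the demo)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def helo_forward_confirmed(helo, client_ip, resolver=system_resolver):
    """True only if the HELO name resolves to the connecting address."""
    name = helo.strip().rstrip(".").lower()
    # Address literals and unqualified names give no domain to confirm.
    if not name or name.startswith("[") or "." not in name:
        return False
    try:
        ipaddress.ip_address(name)
        return False  # bare IP address sent as HELO
    except ValueError:
        pass
    client = ipaddress.ip_address(client_ip)
    for addr in resolver(name):
        try:
            if ipaddress.ip_address(addr) == client:
                return True
        except ValueError:
            continue  # e.g. scoped IPv6 text the parser rejects
    return False

def spf_domain_for_dmarc(mail_from, helo, client_ip, spf_result,
                         resolver=system_resolver):
    """Domain an SPF pass may contribute to DMARC alignment, or None."""
    if spf_result != "pass":
        return None
    if mail_from:  # non-null reverse-path: SPF checked the MAIL FROM domain
        return mail_from.rsplit("@", 1)[-1].lower()
    # Null reverse-path: SPF checked HELO. Assumed policy: use it only
    # when the HELO name is forward confirmed.
    if helo_forward_confirmed(helo, client_ip, resolver):
        return helo.strip().rstrip(".").lower()
    return None
```

With the constructed data, a null-sender message from 192.0.2.10 announcing `mail.example.org` yields that domain for alignment, while the same HELO from 198.51.100.7 yields nothing even though SPF reported a pass.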