IETF Logo Mail Archive

Re: [dmarc-ietf] Signaling MLMs

Hector Santos <hsantos@isdg.net> Thu, 13 April 2023 18:20 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB835C151B3D for <dmarc@ietfa.amsl.com>; Thu, 13 Apr 2023 11:20:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3GRoSm8d8F3l for <dmarc@ietfa.amsl.com>; Thu, 13 Apr 2023 11:20:47 -0700 (PDT)
Received: from mail.winserver.com (mail.winserver.com [3.137.120.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E275C151B3B for <dmarc@ietf.org>; Thu, 13 Apr 2023 11:20:46 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2018; t=1681410036; atps=ietf.org; atpsh=sha1; h=Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=qFWIKfiLEpZSAtRDnqTBawOT/onzmetRd/ABvdFkh0Y=; b=KoZs bWsNKeEbON6YLLixtqWBzgklYMekAFeMHVKpmGajwYogeGdGVzSM2CIA0e9Ugukw efdZG3dcf9egxac2yw8PetInpP4VXmKxnNqcaKMj65drdR7y+LkT0gYU3gyNbK8I rZ7qteBr6T5wfsfOBTZ72M2X7RddBImfOuGGXg8=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.13) for dmarc@ietf.org; Thu, 13 Apr 2023 14:20:36 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by winserver.com (Wildcat! SMTP v8.0.454.13) with ESMTP id 1802834145.1.9152; Thu, 13 Apr 2023 14:20:36 -0400
Message-ID: <643847F9.8090905@isdg.net>
Date: Thu, 13 Apr 2023 14:20:41 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <CAL0qLwZc2X7tyP+_8vvL3Yb7uJk6td3XGbsXUB68BNUEMhV4yQ@mail.gmail.com> <CALaySJKcf5=c_5rTiZUdRmUqsuAm0P-TykN+dew74uURRKn-5w@mail.gmail.com>
In-Reply-To: <CALaySJKcf5=c_5rTiZUdRmUqsuAm0P-TykN+dew74uURRKn-5w@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/44b5Ghh6MdxgGTPvAwDR5oGAw48>
Subject: Re: [dmarc-ietf] Signaling MLMs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2023 18:20:51 -0000

On 4/13/2023 11:14 AM, Barry Leiba wrote:
> There's no need for a signal here: the MLM can simply check the 
> sending domain's DMARC policy when a new post comes in, and 
> preemptively reject it if the policy is "reject". The IETF 
> considered doing that and ruled it out because it would mean that 
> users with yahoo.com addresses (and others) could then not 
> participate in IETF mailing lists without changing addresses. 
Code change where?  In the MLS or some post scripting code?

> I think that was the wrong decision, but we decided on the ugly 
> "from" alteration instead. 

Code change anyway.   No way around this code change - a direct MLS 
change or MLM low code script add-on/change.   My MLS checks it's 
entry points for restrictive DMARC domain; subscription and submissions.

> I still think that outright refusal of posts from p=reject domains 
> is a good approach and I wish it were used more, but most MLMs that 
> are willing to put in a change to address this seems to prefer not 
> to punish the sending domains users for the excesses of the domain 
> management.

+1.

It can only be considered more with key cogs support and promotion to 
their industry/trade support peers. Iow, Editors SHOULD 
support/champion their RFC work like ATPS and DMARC.  Many ideas and 
concepts from DSAP merged from WG work. DMARC is a collection of all 
the past work with reporting. But it needs DSAP policy ideas and ATPS 
concept to help bring some steady state to transporters. DMARCbis p= 
should be describing the failure handling not restricting the 
evaluation of a failure.  This will provide the tools to define the 
nine possible 1st vs 3rd party signers.  MLS needs to support this.  
The MLM operators need to support it too. Of course, the MLS/MLM can 
use Local Policy to override at its own risk especially when DMARCBis 
offers nothing to resolve this problem.  But it can easily fit in too 
and see where it goes.


-- 
Hector Santos,
https://santronics.com
https://winserver.com

v2.23.0 | Report a Bug | By Email