IETF Logo Mail Archive

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Scott Kitterman <sklist@kitterman.com> Wed, 26 April 2023 22:45 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2209FC151B07 for <dmarc@ietfa.amsl.com>; Wed, 26 Apr 2023 15:45:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="S6d9wyZ3"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="Pya3vsTf"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D-8sNXbCTEkn for <dmarc@ietfa.amsl.com>; Wed, 26 Apr 2023 15:44:56 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14751C151B04 for <dmarc@ietf.org>; Wed, 26 Apr 2023 15:44:49 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 49553F802E7; Wed, 26 Apr 2023 18:44:37 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1682549061; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=mdefOIdPxuu8iUbr8KyHlBQ08UQ4CeIACytYIhC9j20=; b=S6d9wyZ3DWmhmR+OY/NMz6FqEuXPlklwQdsAl7JvXW3DxEVykuTza7VoULCWaNkvegjb0 KpLlqJtgebZxh1HCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1682549061; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=mdefOIdPxuu8iUbr8KyHlBQ08UQ4CeIACytYIhC9j20=; b=Pya3vsTfFs9ILM8I2gx366WdRrZvxv2Om9aZerGKHJhBTVPiZHyueJMEDdcsYujzkzQRI U/3XjLqjegrHfDEDhpVoEewZJvjuvD7flg+HAzAL23TORFffzoTtZx9jVPd8cHHXVSLKo09 FHaki8eCcE6XbfeN60q2L51q8fTl8WlrbB35UpFpHak4KPIcf+udGCTNwGvL29IwmrTD84m JvBJvDRnlglWRc1CPUXytmKViCCUCmzNJstpxCPi5pMqE+oVkdb+qAlddnlXUOxeUtICB+9 36rjRLHTFmXxl7lfMaooTHfEBxD1dj2PsD46IaQUffZRB4UCLji+tkengQvw==
Received: from [127.0.0.1] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id B9C5CF8014A; Wed, 26 Apr 2023 18:44:21 -0400 (EDT)
Date: Wed, 26 Apr 2023 22:44:18 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <7ff25a96-b6ed-4999-9315-a236bfeaf069@app.fastmail.com>
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <29216533.CRhL9lMF2B@localhost> <9aaeadee-c29a-efe8-2c43-ed6fc1b3ed0d@tana.it> <D29CB79C-AAEB-4999-92C7-D19389916D98@kitterman.com> <7ff25a96-b6ed-4999-9315-a236bfeaf069@app.fastmail.com>
Message-ID: <A656A91B-9716-45F7-8222-B64E32A3A4FE@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/4N9XR26z4r6VSewvkcg6a0udNY4>
Subject: Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2023 22:45:00 -0000


On April 26, 2023 9:52:29 PM UTC, Jesse Thompson <zjt@fastmail.com> wrote:
>On Wed, Apr 26, 2023, at 6:21 AM, Scott Kitterman wrote:
>> 
>> 
>> On April 26, 2023 8:08:39 AM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>> >On Tue 25/Apr/2023 20:27:18 +0200 Scott Kitterman wrote:
>> >> My recollection is that a general formulation that I proposed had at least
>> >> some traction out of both groups:
>> >> 
>> >>> [some appropriate description] domains MUST NOT publish restrictive DMARC
>> >>> policies due to interoperability issues
>> >> 
>> >> Leaving aside (for now) the question of what goes into [some appropriate
>> >> description] and with the assumption that there will be some non-normative
>> >> discussion to amplify whatever that is and probably give some indication about
>> >> what domains might do to not be one of those domains, is there anyone who just
>> >> can't live with that formulation of the situation?
>> >
>> >
>> >Me, for one.  Because more than 98% of domains are going to fall into the description, however we word it, that statement makes the whole I-D nonsensical.  Cannot we just tell the problem without MUSTard?
>> >
>> >In any case, using the complement of [some appropriate description] is certainly easier.  For example:
>> >
>> >    Forcing authentication into Internet mail by publishing restrictive DMARC
>> >    policies breaks some well established patterns of usage.  Publishing such
>> >    policies is thus RECOMMENDED only for domains [in this other appropriate
>> >    description].
>> >
>> Thanks.
>> 
>> I understand your objection to be that the proposed description of the interoperability problems would apply to too many domains, regardless of the modifier we might use.  Is that correct?
>
>I have a similar concern. Any domain owner with size or complexity or users (who will do what they wanna do) will easily find their domain in a mixed-use state, and (ironically) the only management/governance tool at the domain owner's disposal to prevent future unintended use of the domain, in favor of subdomains, is to publish p=quarantine|reject (throwing the baby out with the bathwater)
>
Which, I think is precisely the point.  "... or there will be interoperability problems ..." isn't a magic block to people doing things.  If you are willing to accept the fallout, nothing is stopping you.

I don't think what you describe as your concern is technical.  What I understand you to be saying is it's technically correct, but you would prefer it was less obvious.  I suspect that's not how you view it, but it seems to me like the fundamental concern is that if we clearly articulate the interoperability risk, people might choose not to take that risk.

Scott K

v2.23.0 | Report a Bug | By Email