Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

Hector Santos <hsantos@isdg.net> Sun, 18 June 2023 01:29 UTC

Cc: Ken Simpson <ksimpson@mailchannels.com>, Jan Dušátko <jan=40dusatko.org@dmarc.ietf.org>, IETF DMARC WG <dmarc@ietf.org>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/4qwQOl1W4b5lNxID0uBzyEaKlWg>

> On Jun 17, 2023, at 8:41 PM, Murray S. Kucherawy <superuser@gmail.com> wrote:
> 
> On Sat, Jun 17, 2023 at 2:40 PM Ken Simpson <ksimpson@mailchannels.com> wrote:
>> FWIW, I'd like to chuck my hat in the ring on the side of removing SPF from the next iteration of DMARC. As the operator of an email delivery service with tens of millions of primarily uncontrolled senders on web hosting servers, it would be great if domain owners could assert via their DMARC record that receivers should only trust DKIM-signed email.
> 
> Can these senders not accomplish the same thing by removing the SPF record altogether?
> 
> -MSK, participating


Aren’t SPF, DKIM and alignment all required for DMARC1 passage? Failure if any are missing?

Even then, with no SPF, what would remain for a reduced DMARC2 requirement is a 1st party DKIM signature only. No 3rd party. When we resolve this part, “I can die and finally go to heaven.”

Note, from my pov, SPF was always separate from any payload DKIM-based policy protocol process because there are receivers who will reject at SMTP before DATA or DMARC consideration. For these optimized systems, DMARC would only ever see an SPF = pass, softfail, neutral or none/unknown but never an spf=reject unless the implementation delayed SPF rejects until DMARC can be processed.

—
HLS
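
The two receiver designs contrasted in the last paragraph of the message, as an added example that is not part of the original post: a Python model of a receiver that acts on SPF at the envelope stage versus one that defers the decision until DMARC runs after DATA. The function names and sample messages are constructed; the message's "spf=reject" is modelled as the RFC 7208 result `fail`, and the DMARC stage uses the RFC 7489 rule (an aligned SPF pass or an aligned DKIM pass).

```python
# Added illustration. SAMPLE is constructed data, not real traffic.

def receive(msg, defer_spf_reject):
    """Return (stage, verdict, spf_result_seen_by_dmarc) for one message.

    msg keys: 'spf' (RFC 7208 result for the MAIL FROM domain),
              'spf_aligned' and 'dkim_aligned_pass' (booleans).
    """
    # Stage 1: envelope. An early-rejecting receiver acts on SPF fail here,
    # before DATA, so no header or DKIM signature is ever read.
    if msg["spf"] == "fail" and not defer_spf_reject:
        return ("MAIL FROM", "reject", None)

    # Stage 2: after DATA. DMARC (RFC 7489) passes when either an aligned
    # SPF pass or an aligned DKIM pass is present.
    spf_ok = msg["spf"] == "pass" and msg["spf_aligned"]
    dmarc = "pass" if (spf_ok or msg["dkim_aligned_pass"]) else "fail"
    return ("DATA", dmarc, msg["spf"])


def spf_values_seen_by_dmarc(messages, defer_spf_reject):
    """Set of SPF results that ever reach the DMARC evaluation stage."""
    seen = set()
    for m in messages:
        stage, _verdict, spf = receive(m, defer_spf_reject)
        if stage == "DATA":
            seen.add(spf)
    return seen


SAMPLE = [
    {"spf": "pass",     "spf_aligned": True,  "dkim_aligned_pass": False},
    # Constructed forwarding case: SPF fails at the new hop, DKIM survives.
    {"spf": "fail",     "spf_aligned": True,  "dkim_aligned_pass": True},
    {"spf": "softfail", "spf_aligned": True,  "dkim_aligned_pass": False},
    {"spf": "neutral",  "spf_aligned": False, "dkim_aligned_pass": False},
    {"spf": "none",     "spf_aligned": False, "dkim_aligned_pass": True},
]

if __name__ == "__main__":
    for defer in (False, True):
        print("defer_spf_reject =", defer)
        for m in SAMPLE:
            print("  ", m["spf"].ljust(8), receive(m, defer))
```

The forwarded message in `SAMPLE` is the operationally interesting one: it is refused at MAIL FROM by the early-rejecting receiver, yet passes DMARC on its DKIM signature when the SPF decision is deferred.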