IETF Logo Mail Archive

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Sun, 07 June 2020 13:16 UTC

Return-Path: <btv1==427d487c9ec==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A29843A0818 for <dmarc@ietfa.amsl.com>; Sun, 7 Jun 2020 06:16:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ZesxGDtDsJh for <dmarc@ietfa.amsl.com>; Sun, 7 Jun 2020 06:16:34 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DACCE3A0816 for <dmarc@ietf.org>; Sun, 7 Jun 2020 06:16:33 -0700 (PDT)
X-ASG-Debug-ID: 1591535788-11fa313a1090f50001-K2EkT1
Received: from webmail.bayviewphysicians.com (smartermail4.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id q8q4deJWEzIuZ0vF (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for <dmarc@ietf.org>; Sun, 07 Jun 2020 09:16:29 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=message-id:reply-to:subject:to:from; bh=jDMGwo7YthI8ZH2eDhY4SacUMRlCXMIQEdDz1Eo7sHw=; b=oltKhxuQNZZVv/IOdUXdBOBdaSrpykhgV6plOaYpGuiVIhHA1E8HEuMea1dXoWGJ9 YI5wFT19o6e6r/P9ifVOruqgX91zp1vN+CtG8a88uEPbFWe3f5NjGMsCb5M/CF5mP 9jxHXzTltZru0J3tNr9oGg3+3XqQjKnvCx30fi+IM=
From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
To: dmarc@ietf.org
Date: Sun, 07 Jun 2020 13:16:21 +0000
X-ASG-Orig-Subj: Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
Reply-To: fosterd@bayviewphysicians.com
Message-ID: <14fe18acad53467a8027e680dfc1067e@bayviewphysicians.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="32de30de0f944a3a9768dea585aa106d"
In-Reply-To: <ac0f684a-4c00-0564-8cf9-5b955e037c87@tana.it>
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <11640715.3lbasgNmsr@sk-desktop> <25420528-d356-0273-ceb3-c44a3c94bc91@gmail.com> <3138524.EPDo7oxCqE@sk-desktop> <4620e21f-32c5-7735-9faf-a5b045f84c0d@bluepopcorn.net> <ac0f684a-4c00-0564-8cf9-5b955e037c87@tana.it>
X-Exim-Id: 14fe18acad53467a8027e680dfc1067e
X-Barracuda-Connect: smartermail4.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1591535789
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 10762
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.82388 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/4zkAPfcGP7A8WgQYDAKms4GEIu8>
Subject: Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jun 2020 13:58:35 -0000

1) The original assertion, that DMARC creates a conflict with prior specifications, appears to be undefended and incorrect.   For From Addressing, It merely establishes some boundaries that the sender and the recipient choose to consider appropriate.    For DKIM, it creates a use-case for a technology that was initially defined without any use cases.    Consequently, I think this topic is ready for closure.

2) Some of the discussion appeared to resolve around the assertion that DMARC can have no value.   Since that view is not universal, I think the project can continue with those who do believe that it adds value.

3) Some of the discussion has been about how to prevent soclal engineering of the recipient user.  This is an important topic, but not directly related to the project.  IETF would do well to establish some recommendations about how MUAs should behave, so that trust data can be displayed to the user.   A typical user will have access to at least three different email clients: one on his cell phone, a product-specific web page, and a desktop product like Outlook or Thunderbird.    If I wanted an organization policy that controlled when Friendly Name was displayed or DMARC status was displayed, I would have to find and distribute plug-ins to all of these products.   As best as I have been able to tell, no such plug-ins even exist for Outlook and the other products do not accept extensions.   There is an opportunity here for valuable standardization.

----------------------------------------
From: Alessandro Vesely <vesely@tana.it>
Sent: 6/7/20 6:19 AM
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
On Sun 07/Jun/2020 00:03:28 +0200 Jim Fenton wrote:
> On 6/6/20 2:42 PM, Scott Kitterman wrote:
>> On Saturday, June 6, 2020 5:26:08 PM EDT Dave Crocker wrote:
>>> On 6/6/2020 2:23 PM, Scott Kitterman wrote:
>>>> If things like DMARC, SPF, and DKIM do nothing more than get abusers
>>>> to use different domains than they would otherwise, I think that's a
>>>> win.>>> The issue here is DMARC, not SPF or DKIM, since DMARC is the only one of
>>> the 3 that restricts the choice of domain name.
>>>
>>> With that in mind, I'll ask you why you think the kind of change you
>>> cite is a win.
>> 1. I think the domain displayed to the end user matters. In my sample size
>> of 1, it matters to me. I know I'm not the average user, but independent of
>> the question of how many users it matters to, there are some.
> Same with me, but again I'm not the average user.

+1, but then we're mailing list subscribers (leaving aside this list's topic.)

>>
>> 2. When abusers use different domains to send mail, it adds more information
>> for filters to work on, so even if this is all about filtering, that works
>> better too.
>
> But when abusers use different domains, the DMARC policy that applies is
> controlled by them and is therefore meaningless. And the reports, if any
> (probably none), are sent back to the attacker or their designate.
>
> Filtering might be done based on the DKIM signing domain or thesimilar
> envelope-from domain if SPF is used, but neither of those require DMARC.

The From: domain was chosen because that's the field that users can see. Now
we conjecture that users don't actually see it. Oh boy. Certainly, if the
From: domain is not visible we could filter on X-Filter-On-Me: and gracefully
avoid the mailing list problem.

On closer view, we seem to be discovering that the From: domain is obscured by
the display name. We always neglected the display name. Furthermore, by
letting the mailing list problem be dodged by creative From: rewriting, such as

From: User@Example.com <actually@someone.else>

we are granting full citizenship to devious display names. Some clients (e.g.
Thunderbird) can show only display name for people in the address book.[*] A
close, perhaps formally easier, subject is the IDN homograph attack.[†]

Would it make sense to ban, say, the use of the at sign (@) in display names?

Best
Ale
--

[*]
https://support.mozilla.org/en-US/kb/names-bug-no-email-addresses-are-displayed

[†] https://en.wikipedia.org/wiki/IDN_homograph_attack

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email