Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

John R Levine <johnl@taugh.com> Thu, 31 December 2020 18:22 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C32013A0E28 for <dmarc@ietfa.amsl.com>; Thu, 31 Dec 2020 10:22:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=ibN2sk5N; dkim=pass (2048-bit key) header.d=taugh.com header.b=ZA1KxF4e
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IaLQl7gmsoHd for <dmarc@ietfa.amsl.com>; Thu, 31 Dec 2020 10:22:54 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C1E33A0E26 for <dmarc@ietf.org>; Thu, 31 Dec 2020 10:22:53 -0800 (PST)
Received: (qmail 68966 invoked from network); 31 Dec 2020 18:22:51 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=10d5e.5fee16fb.k2012; i=johnl-iecc.com@submit.iecc.com; bh=pW6xWubZQYU6LeBrIsY5uzjl7D/fcUKNsxvkq1VoPwY=; b=ibN2sk5NWRR5DPU9c/l0FhXalrS1jdKJA7yQQYKBhB5GKY6nYSyNGMOjMUK/N01udVzvXmheENkUXCJJTwcqIepI2EgX/t4Npae5sCatF+dlBfIsEUZRB1/Atei1xCvR9IDwQEH/B270rYVR1aVhVc9K3HN7i693SFXfX7SaAotzJINdnhp6JnNEda85MqatndXmoWUbVZUJoCTi6RtFuVXYH6Am2qJUs6qc7XSvkgb2N0v+AL0eyYKS64NXVzoHYhvhdYgDd4ZoVff3+O2NPuWMACY5TtZpHCyyTpI5cI+1DZxkwaCKSpZ6Ib8hbxgmlcq2Gk3URj/RKPnbcE+rHg==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=10d5e.5fee16fb.k2012; olt=johnl-iecc.com@submit.iecc.com; bh=pW6xWubZQYU6LeBrIsY5uzjl7D/fcUKNsxvkq1VoPwY=; b=ZA1KxF4edDDmqn5pZpJIag0ug4pYI+RvEDOZJWBpx34Y+fnWIVutFjZ/MLU71ZG2JM+4b3oe6kWxPYtviakP0Im03GGgysTtp+BEWVgPHmVsXLke69v8LkLTFR01/31AJ5ZzA+Qxj5HyPCITY5oi3kQ0Bkx5C5dwVxneEBbwprBUNPNttM+emS6518rO40uGc0+fS2LmXnGSKKCbSd2u0rDagGb93Vd0Pys7Ae8G2poRR3+SlXvLoXg258df7pwHyxvHJRvL8vzbWiV0lc2bVt4zlmt+Ujsg4iljHowgS6bQxnprSrL5voL/8eYqK0G/hzwbgln/1wquznZM3k+hgg==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 31 Dec 2020 18:22:51 -0000
Date: Thu, 31 Dec 2020 13:22:50 -0500
Message-ID: <64cb14ed-322b-eecb-bed2-13349e19b833@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Alessandro Vesely <vesely@tana.it>, dmarc@ietf.org
In-Reply-To: <3999b617-b0e7-7341-93df-4a2ccea134e4@tana.it>
References: <20201231160030.20AFB3EE7AD7@ary.qy> <4bd444a4-0c34-467a-cfcb-a8f7c14b723d@tana.it> <b030d1f-44d4-4330-eb17-c930eb968be2@taugh.com> <3999b617-b0e7-7341-93df-4a2ccea134e4@tana.it>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-907014498-1609438971=:22541"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/5H0m1f1wi1Io4lT-Wt_B0LJHXAI>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Dec 2020 18:22:56 -0000

>> To what?  The Yahoo address is the only address the scout troop has?
>
> Copy that to Reply-To: and write a mangled From: that looks troopy but passes 
> DMARC.  Just like MLMs do.

Lists at MLMs have names that the subscribers will recognize, but the 
scout troop only has the Yahoo address.

There are certainly kludges that one can apply to circumvent DMARC 
rejections, but this is a clear failure, an existing legitimate mail use 
that DMARC breaks.

R's,
John