IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Michael Thomas <mike@mtcc.com> Thu, 31 December 2020 18:36 UTC

Return-Path: <mike@fresheez.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7DF13A0E3F for <dmarc@ietfa.amsl.com>; Thu, 31 Dec 2020 10:36:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DLU4MU_iY8CB for <dmarc@ietfa.amsl.com>; Thu, 31 Dec 2020 10:36:19 -0800 (PST)
Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8900C3A0E3D for <dmarc@ietf.org>; Thu, 31 Dec 2020 10:36:19 -0800 (PST)
Received: by mail-pf1-x42d.google.com with SMTP id h186so11595627pfe.0 for <dmarc@ietf.org>; Thu, 31 Dec 2020 10:36:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=VRD5uNbcYaFizIhXNA5Sy9Z9jzcM6EZgMr18NWMMc0Q=; b=Hhhd8e9qiSCbswwN3v0/34wHlanHAw2B5YZMmSjVVMYb3De7V05V2+8ojQsRx6vWCZ 2nJlCPJ/o3D/My8mQUUZ6vBDNXM3fcIfT37iEX5D1ic3a6DP1AD5tC8rfC7qPXyqGY+q 8TI8SjBZhKZwaqbMzAiWbUkvXgyhpz7gmSsY1u8YAgg5Z8jTGjalsCNqYjFEL72r07rL e6gBsXbgba2H8YDppdyKaE0dM3sstka5pG9YBTN5DJ5jWsv6m+SyesqcbJ774dOMhtiX i5QHL/NoAM1lFhpYwauxrurglUG2hCH6qUOiqHlwt6QVBto6l0EGj2YPosowGSDJifUp lvNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=VRD5uNbcYaFizIhXNA5Sy9Z9jzcM6EZgMr18NWMMc0Q=; b=ocBgCurTn8vU8pFpS4ks1OJ25L9ENHjN8GtrK8/YluU7pupGp+leX/ZznRP1KWwwrU wiAUloxd/o/V1832lB0BzB/Ck//SXJOhsMGmE++5EZqZngTkJEMXyFh6VMK0T+IMP/au Uu/iL1cF7cQEk/ywHRwv0KJkx3+/EzrtitHCs7WxlmHC+/azEfHAXD2GfouWOBMOhXa8 eUarer04UMlrdncwdWug+GHPP/eYYB+1NFz+rWw8P7Vs+6BOf9jVj13a9WxouFWx+n5I zzUa1j8rukcxaSvBhxzFi79byWo6DSeN+1xBZDDyQkhF/Z3yLuzRJy0sQ/LYM+VgzPnA NS9A==
X-Gm-Message-State: AOAM5325vP4rqbPQhgzy0WS0pyBQ+K1YuB9PuzXKp8eCh8G8A4W73xSK hLdnQg7aMWo8o9BH8qxqXV7eObxwjThFgg==
X-Google-Smtp-Source: ABdhPJxvAeikcLk+nk/Y3zXyWM6q/hkUobpcIVvH7h/82SfH1QAzv/0Lwq0E7xSGmvnWtiBbgjP9qg==
X-Received: by 2002:a62:1b95:0:b029:19b:178f:84d7 with SMTP id b143-20020a621b950000b029019b178f84d7mr15519982pfb.70.1609439777482; Thu, 31 Dec 2020 10:36:17 -0800 (PST)
Received: from mike-mac.lan (107-182-45-95.volcanocom.com. [107.182.45.95]) by smtp.gmail.com with ESMTPSA id p16sm11682702pju.47.2020.12.31.10.36.16 for <dmarc@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 31 Dec 2020 10:36:16 -0800 (PST)
To: dmarc@ietf.org
References: <20201231160030.20AFB3EE7AD7@ary.qy> <4bd444a4-0c34-467a-cfcb-a8f7c14b723d@tana.it> <b030d1f-44d4-4330-eb17-c930eb968be2@taugh.com> <3999b617-b0e7-7341-93df-4a2ccea134e4@tana.it> <64cb14ed-322b-eecb-bed2-13349e19b833@taugh.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <f0fa378a-f963-c96b-f9a1-a1bea16910fd@mtcc.com>
Date: Thu, 31 Dec 2020 10:36:15 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <64cb14ed-322b-eecb-bed2-13349e19b833@taugh.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/5Trxn7eBLy3XYvfGW4cxkE5NYB4>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Dec 2020 18:36:21 -0000

On 12/31/20 10:22 AM, John R Levine wrote:
>>> To what?  The Yahoo address is the only address the scout troop has?
>>
>> Copy that to Reply-To: and write a mangled From: that looks troopy 
>> but passes DMARC.  Just like MLMs do.
>
> Lists at MLMs have names that the subscribers will recognize, but the 
> scout troop only has the Yahoo address.
>
> There are certainly kludges that one can apply to circumvent DMARC 
> rejections, but this is a clear failure, an existing legitimate mail 
> use that DMARC breaks.
>
>
The entire problem with catering to the long tail is that it is holding 
hostage better email security. We should stop doing that. There is no 
right to stasis forevermore. If the scouts email breaks, they can get 
somebody to fix it. They will thank us in the long run when scammers 
can't phish using them as a prop.

Mike

v2.23.0 | Report a Bug | By Email