Re: [dmarc-ietf] Signaling MLMs
Neil Anuskiewicz <neil@marmot-tech.com> Mon, 17 April 2023 00:43 UTC
Return-Path: <neil@marmot-tech.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ABBBC14CE42 for <dmarc@ietfa.amsl.com>; Sun, 16 Apr 2023 17:43:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.203
X-Spam-Level:
X-Spam-Status: No, score=-1.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=marmot-tech.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jo0KAc2VQ5L4 for <dmarc@ietfa.amsl.com>; Sun, 16 Apr 2023 17:43:17 -0700 (PDT)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C9DEC14CEFC for <dmarc@ietf.org>; Sun, 16 Apr 2023 17:43:17 -0700 (PDT)
Received: by mail-pl1-x634.google.com with SMTP id y6so22862670plp.2 for <dmarc@ietf.org>; Sun, 16 Apr 2023 17:43:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marmot-tech.com; s=google1; t=1681692197; x=1684284197; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=LakJkPmP1JTvwpbDMnw5W5Ndg6Wdfs+XG3oMxyyepoU=; b=ZpsIdjX3qbEzrDGGfjFqFggkQulo0xV3MaNO2O/zbfQcFwEg3XJVBG4nR3/jSyGKuh jsdoVj6gysVHoWUeyaLRRZzFxmG+Uw/u4PMoahu6WPrncXxd4QCZFYX5s4EUVVlEEUZ2 vx05En85hVaP8WkK6Wga4rmHXArMUsOtmpQJi/IHommt6A/2V7e6Hn74PUsoQgCT+l6F Me5xFKIfqH9QWXAhmgk5oIabtt+LtDtEeQEr8NHbtn39DrSp+qoOsth/YVYta0VnXPT4 /CUfHHlR52MtEi7uaTZkRrqluuItClIFRGvBDqzCKZi/0BzmZiNcjOk8cr2ztGJw6ifw gDIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681692197; x=1684284197; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LakJkPmP1JTvwpbDMnw5W5Ndg6Wdfs+XG3oMxyyepoU=; b=MEZWmYPn9IOEYEMvlZe5U/0qpRM9i3jQrxiQ1no8qDOh1NDV3PctTZ8dYPJt3MmYwt nQrMANK8LAJC+eERV7SC5+f4fq8bK3CPqIZ6Y7Qs0yuonjyLrV3IGaPVkd/1LHrFl6Ao 3zTBznDxnpQzvAXOZcq3I6rHfLQP3DAb+KlJMpDaLrVFibfHSTpkxSMknFrDb6ldBDYZ ecLF8VJhrvt0uQNOchfpDX77F6i+2q6K9al59JDmk1QrkKweSx5biQN6cYWwd8mNRHAX 1F4Kp1bRJzfiYlLK9fZMm26DDkdWDNLGe1/Gm2CkBtGOh4RoGggEj9Eo4jN2eiGGLCuL +WKw==
X-Gm-Message-State: AAQBX9dUl8YFjUhgFXcj+ixVG5vmvwbEwlZHGZKaG1Hi6eKpom48GbkN E5rmpS2SXvwhpe9sKInyMQYD5Q==
X-Google-Smtp-Source: AKy350bCCddTDcRXc6azrkvv/JVFdBvnksIMUmYwsYYCQCX5YOQjB2kYHBhPkxDfyaRt4XaXMLEm1g==
X-Received: by 2002:a17:902:ce92:b0:1a6:dba5:2e3e with SMTP id f18-20020a170902ce9200b001a6dba52e3emr2192046plg.25.1681692196881; Sun, 16 Apr 2023 17:43:16 -0700 (PDT)
Received: from smtpclient.apple ([2601:1c0:cb02:fad0:7c16:68af:d685:6313]) by smtp.gmail.com with ESMTPSA id r4-20020a170902ea4400b00194caf3e975sm6363013plg.208.2023.04.16.17.43.16 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 16 Apr 2023 17:43:16 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-D1D5C67A-84CC-4539-BE58-11369C194F90"
Content-Transfer-Encoding: 7bit
From: Neil Anuskiewicz <neil@marmot-tech.com>
Mime-Version: 1.0 (1.0)
Date: Sun, 16 Apr 2023 17:43:05 -0700
Message-Id: <AA303EAF-76DA-4FAD-877D-C7B0143E21D3@marmot-tech.com>
References: <5DAE096A-B547-4569-A3C6-34ED9EC91B2D@isdg.net>
Cc: Dotzero <dotzero@gmail.com>, Douglas Foster <dougfoster.emailstandards@gmail.com>, "Murray S. Kucherawy" <superuser@gmail.com>, Alessandro Vesely <vesely@tana.it>, IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <5DAE096A-B547-4569-A3C6-34ED9EC91B2D@isdg.net>
To: Hector Santos <hsantos=40isdg.net@dmarc.ietf.org>
X-Mailer: iPad Mail (20D67)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6dS85rQch3GsOpUb6l6pNmid_8U>
Subject: Re: [dmarc-ietf] Signaling MLMs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2023 00:43:21 -0000
On Apr 15, 2023, at 7:52 AM, Hector Santos <hsantos=40isdg.net@dmarc.ietf.org> wrote:
On Apr 14, 2023, at 7:31 PM, Dotzero <dotzero@gmail.com> wrote:On Fri, Apr 14, 2023 at 5:55 PM Hector Santos <hsantos@isdg.net> wrote:Yes, it is simple DeMorgan’s Theorem where you use short-circuiting logic.DMARC says that any FAIL calculated via SPF or DKIM is an overall DMARC failure. In standard boolean logic is it an OR condition:IF SPF FAILS or DKIM FAILS Then Reject.You have it absolutely backwards.DMARC says if either (aligned) SPF validates or (aligned) DKIM validates, it passes.Hi Mike,Appreciate your comment.This OR gate logic will short-circuit DKIM with SPF validating. Optimizing means not processing the payload and just issue a 250 which is ‘absolutely' not what we want. In fact, DMARC logic is an AND gate of two protocols; one standard, one informational with some controversial constraints (alignment). I think you maybe meant:SPF predates ADSP/DMARC. It is a 5321 level technology. It is not a payload 5322 technology. Interestingly, you might be thinking in terms of SenderID which was a 5322 technology which offers SPF with the PRA (5322.From) as a new identity to evaluate.I know it’s hard to believe for many but there is still a good percentage of domains that do not do ADSP or DMARC and maybe not even DKIM. Just consider platforms using Integrated Mail Bots to automate things and they who don’t need the overhead. SPF is good enough.Using Pareto, SPF is the only thing needed for hard reject policy (-ALL). DMARC is useless at this point unless you want it to override SPF hardfail rejects and record and send reports, That would be a local policy. An implementation detail.Over 88% of the time, when SPF fails, DKIM/ADSP/DMARC, if available would also fail. So the payoff is high to short-circuit and lowered when you needless transfer a potential large and harmful payload.But for SPF soft failures (~ALL), that is when the interest of coupling SPF soft fail results with ADSP results got traction.SPF verifiers will pass SPF weaker policy results in meta-header data and that meant the payload protocol can help here. Microsoft explored this method and had a secret source to determine how soft failures can be coupled with ADSP results.DMARC never considered partial results. DMARC see SPF as a pass not soft-fail. So if DKIM passes and all four (4) domain identities are aligned, the transaction passes. That’s an AND gate and you don’t need to even to process SPF or do DKIM validation if the domains do not align.
- [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Todd Herr
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Steven M Jones
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling forwarders, not just M… John Levine
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Todd Herr
- Re: [dmarc-ietf] Signaling MLMs Barry Leiba
- Re: [dmarc-ietf] Signaling MLMs Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Mark Alley
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Dotzero
- Re: [dmarc-ietf] Signaling forwarders, not just M… John R Levine
- Re: [dmarc-ietf] Signaling forwarders, not just M… Todd Herr
- Re: [dmarc-ietf] Signaling forwarders, not just M… Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Dotzero
- Re: [dmarc-ietf] Signaling forwarders, not just M… Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Brotman, Alex
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling forwarders, not just M… John R Levine
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling MLMs John Levine
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling forwarders, not just M… Alessandro Vesely
- Re: [dmarc-ietf] Signaling forwarders, not just M… Alessandro Vesely
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Dotzero
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Jesse Thompson
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Laura Atkins
- Re: [dmarc-ietf] Signaling MLMs Jesse Thompson
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Give up on SPF alone Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs John Levine
- Re: [dmarc-ietf] list history, Signaling MLMs John Levine
- Re: [dmarc-ietf] list history, Signaling MLMs Jesse Thompson
- Re: [dmarc-ietf] list history, Signaling MLMs John R Levine
- Re: [dmarc-ietf] list history, Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] list history, Signaling MLMs Hector Santos
- Re: [dmarc-ietf] list history, Signaling MLMs Wei Chuang
- Re: [dmarc-ietf] Give up on SPF alone Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely