Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Hector Santos <hsantos@isdg.net> Fri, 30 June 2023 22:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6fiE4Zs8NQg2XI6qy9RccAb9OrE>

A small follow up about my DMARC view:

> On Jun 30, 2023, at 4:02 PM, Hector Santos <hsantos=40isdg.net@dmarc.ietf.org> wrote:
> 
> Overall, imo, it is never a good idea to exert changes on domains with bis specs, requiring them to change their current DMARC record to reinforce the security level they want using SPF in DMARC evaluation.
> 


I don’t want surprises. Higher support cost. But is DMARC that “messed up?” I mean, just like ADSP, it is abandonment material, honestly, easy.

But DMARC is big and it did one thing for the mail industry — the Lookup added to the SMTP process. Most SMTP receivers will do the _dmarc.from-domain lookup.

DMARC is the #1 lookup record for this purpose, a DKIM Policy Model.

We said very early on that it will take a while to get traction for a DKIM Policy model where lookups come with a good payoff, otherwise it is just wasted calls.

Let’s leverage the lookup using a protocol language for a wide security coverage that offers dynamic rejection to clean the mail stream before passing it to local proprietary reputation databases.

Happy July 4th, Be safe.

—
HLS