Re: [dmarc-ietf] Ticket #1 - SPF alignment

"Murray S. Kucherawy" <superuser@gmail.com> Fri, 29 January 2021 20:31 UTC

From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Fri, 29 Jan 2021 12:30:49 -0800
Message-ID: <CAL0qLwYK7SFfV5fOb7qhy5hVgR15z4HEJbAHv38OFMAfC=_j-Q@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6u-cV8iFavjRMN_7OlSbpibS4do>
Subject: Re: [dmarc-ietf] Ticket #1 - SPF alignment

On Fri, Jan 29, 2021 at 3:02 AM Alessandro Vesely <vesely@tana.it> wrote:

> I just ran a quick test on my current folder.  Out of 3879 messages I
> extracted 944 unique helo names.  721 of these matched the reverse lookup
> exactly.  Out of the 223 remaining, 127 had an SPF pass for the helo
> identity anyway.  So in 96 cases, roughly 10%, the helo name was indeed
> junk.  Isn't the remaining ~90% something worth considering?
>

I am admittedly quite heavily biased against using the HELO/EHLO value for
anything.  I have simply never found value in it, probably because at the
SMTP layer it's simply a value that gets logged or used in cute ways in the
human-readable portion of SMTP.  I seem to recall (but cannot seem to find
at the moment) RFC 5321 saying you can't reject HELO/EHLO based on a bogus
value, so it's even explicitly not useful to me.

Even if it's not junk, there's pretty much always something else on which
to hang a pass/fail decision about the apparent authenticity of a message
that at least feels safer if not actually being more sound.  Or put another
way, if you present to me a DKIM-signed message with a MAIL FROM value and
the only thing that passes is an SPF check against HELO, I'm mighty
skeptical.

Anyway, I'll let consensus fall where it may.

-MSK
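
The kind of measurement described in the quoted message can be reproduced on a receiver's own mail store. The following is an added example, not code from the thread or its participants. It assumes Postfix-style `Received` fields and RFC 8601 `Authentication-Results` fields carrying `smtp.helo`; the function names and sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Postfix-style trace field: "from <helo> (<rdns> [<ip>])". Other MTAs differ.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)", re.I)
# RFC 8601 SPF result for the HELO identity: "spf=pass smtp.helo=<name>"
SPF_HELO_RE = re.compile(r"spf=(\w+)\b[^;]*?smtp\.helo=(\S+?)(?:;|\s|$)", re.I)
RANK = {"unverified": 0, "spf-helo-pass": 1, "rdns-match": 2}

def _norm(name):
    return name.lower().rstrip(".")

def classify(raw):
    """Return (helo, verdict) for one message, or None if unparseable."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Only the topmost Received field was written by the local MTA;
    # everything below it is sender-controlled and not trusted here.
    m = RECEIVED_RE.search(" ".join(received[0].split()))
    if not m:
        return None
    helo, rdns = _norm(m.group(1)), _norm(m.group(2))
    if helo == rdns:
        return helo, "rdns-match"
    # Assumes foreign Authentication-Results fields are stripped at the border.
    for ar in msg.get_all("Authentication-Results") or []:
        for result, ident in SPF_HELO_RE.findall(ar):
            if result.lower() == "pass" and _norm(ident) == helo:
                return helo, "spf-helo-pass"
    return helo, "unverified"

def tally(messages):
    """Count unique HELO names by the strongest verdict seen for each."""
    best = {}
    for raw in messages:
        hit = classify(raw)
        if hit and RANK[hit[1]] >= RANK.get(best.get(hit[0]), -1):
            best[hit[0]] = hit[1]
    return Counter(best.values())

def _sample(helo, rdns, ip, spf):  # constructed test message, not real mail
    return (f"Received: from {helo} ({rdns} [{ip}]) by mx.example.net (Postfix)\n"
            f"Authentication-Results: mx.example.net; spf={spf} smtp.helo={helo}\n"
            "Subject: sample\n\nbody\n")

SAMPLES = [_sample("mail.example.org", "mail.example.org", "192.0.2.10", "none"),
           _sample("out.example.com", "host7.example.net", "192.0.2.20", "pass"),
           _sample("localhost.localdomain", "unknown", "192.0.2.30", "none"),
           _sample("mail.example.org", "mail.example.org", "192.0.2.10", "none")]
```

`tally(SAMPLES)` counts each HELO name once, so the duplicate first message does not inflate the `rdns-match` bucket.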