IETF Logo Mail Archive

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Scott Kitterman <sklist@kitterman.com> Thu, 27 April 2023 20:50 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E31EDC1519A3 for <dmarc@ietfa.amsl.com>; Thu, 27 Apr 2023 13:50:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="/tn67nwI"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="qIZUo5dt"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hO9XPk_sCH_0 for <dmarc@ietfa.amsl.com>; Thu, 27 Apr 2023 13:49:59 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9ED0C14CE29 for <dmarc@ietf.org>; Thu, 27 Apr 2023 13:49:59 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id DDC3DF80295; Thu, 27 Apr 2023 16:49:49 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1682628575; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=Rn9F0hJEmlEwzO9FluPDB3XwqW4JzNCbDAwddOEWyPQ=; b=/tn67nwIoFYwdpUHd3Pj4912JwdS7TLEFNu/EuTFtGuccC6N0jEIYAugTRS7mliajGLX1 mh0ovW/8Y3m09N7DQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1682628575; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=Rn9F0hJEmlEwzO9FluPDB3XwqW4JzNCbDAwddOEWyPQ=; b=qIZUo5dtyPCSBGppX5ZjGhaDczPaG27D7V4ziujxjaRidgdI5qypwvsUUh/JEifCc3t+q 7wzoIu6EJD0F6J9Of2BqhKqVQyN0lfpGvyCC9lY33d7IH1sfF8IfRYbAx+9NhfdmMMqC27V ZH/I0d88e1jvwFnwNyVhQlMCd08ac8zWc5FSGFh7jExH73WgaYAB5jz5KQt3peKfswCTw2v XHCkL8EivanR4i5RMXv5W6n+vl6DOjkxbCbOIoOlQKaQQfXZeVDaNEZSURe44PanNlfsmTL n+dk1quYdjhIqDLYPs+aRIGBi+ivPgy7/au4CrUH+0g0YOQaiFL4Hj0/K0PA==
Received: from [127.0.0.1] (mobile-166-171-56-155.mycingular.net [166.171.56.155]) by interserver.kitterman.com (Postfix) with ESMTPSA id BCD0AF8014A; Thu, 27 Apr 2023 16:49:34 -0400 (EDT)
Date: Thu, 27 Apr 2023 20:49:31 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <94a3da06-2ee9-ddb9-6c17-1dfa8aa5ba21@tana.it>
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <29216533.CRhL9lMF2B@localhost> <9aaeadee-c29a-efe8-2c43-ed6fc1b3ed0d@tana.it> <D29CB79C-AAEB-4999-92C7-D19389916D98@kitterman.com> <94a3da06-2ee9-ddb9-6c17-1dfa8aa5ba21@tana.it>
Message-ID: <14423F44-E959-4440-A161-C260B46E704E@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6ufDQnP1i-2ZFEBYivXA9HSoLgA>
Subject: Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Apr 2023 20:50:04 -0000


On April 27, 2023 4:02:32 PM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>On Wed 26/Apr/2023 13:21:33 +0200 Scott Kitterman wrote:
>> On April 26, 2023 8:08:39 AM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>>> On Tue 25/Apr/2023 20:27:18 +0200 Scott Kitterman wrote:
>>>> My recollection is that a general formulation that I proposed had at least some traction out of both groups:
>>>> 
>>>>> [some appropriate description] domains MUST NOT publish restrictive DMARC
>>>>> policies due to interoperability issues
>>>> 
>>>> Leaving aside (for now) the question of what goes into [some appropriate description] and with the assumption that there will be some non-normative discussion to amplify whatever that is and probably give some indication about what domains might do to not be one of those domains, is there anyone who just can't live with that formulation of the situation?
>>> 
>>> Me, for one.  Because more than 98% of domains are going to fall into the description, however we word it, that statement makes the whole I-D nonsensical.  Cannot we just tell the problem without MUSTard?
>>> 
>>> In any case, using the complement of [some appropriate description] is certainly easier.  For example:
>>> 
>>>    Forcing authentication into Internet mail by publishing restrictive DMARC
>>>    policies breaks some well established patterns of usage.  Publishing such
>>>    policies is thus RECOMMENDED only for domains [in this other appropriate
>>>    description].
>> 
>> Thanks.
>> 
>> I understand your objection to be that the proposed description of the interoperability problems would apply to too many domains, regardless of the modifier we might use.  Is that correct?
>
>
>Nearly.  Too many would be 40%.  98% is practically all.  Indeed, we're talking of mailboxes used by humans...
>
>
>> I don't understand the technical issue associated with that objection.  I get that you feel the construction is too negative, but I don't have a sense you think it's inaccurate.  Focusing on the technical aspects of this, would you please help me understand what you think is technically incorrect about it?
>
>
>Perhaps MUST NOT would have some sense if DMARC were breaking a well known protocol.  The established patterns of usage we break are in turn breaking some other RFCs, aren't they?
>
>Why would the applied workaround have less merit than the original hack, from a formal POV?  I mean, if we stand by the letter of the protocols so much as to feel the need to say MUST NOT.
>
If we think internet standards are meaningful, then if the applied work around directly conflicts with an internet standard (which From rewriting does: RFC 5321 and predecessors), then it he as substantially less merit.

Scott K

v2.23.0 | Report a Bug | By Email