IETF Logo Mail Archive

Re: [dmarc-ietf] draft-crocker-dmarc-author-00 ?

Dotzero <dotzero@gmail.com> Fri, 14 August 2020 18:16 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 823C63A11C5 for <dmarc@ietfa.amsl.com>; Fri, 14 Aug 2020 11:16:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IBhiM587Tb-D for <dmarc@ietfa.amsl.com>; Fri, 14 Aug 2020 11:16:11 -0700 (PDT)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FB8C3A11D7 for <dmarc@ietf.org>; Fri, 14 Aug 2020 11:15:52 -0700 (PDT)
Received: by mail-wm1-x32d.google.com with SMTP id t14so8660266wmi.3 for <dmarc@ietf.org>; Fri, 14 Aug 2020 11:15:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=brhO2zHxfUP+sMM3qgxsoXxsumwZlsWPy4DDKV+8qew=; b=qxACvAMlDFnyxUoperqeudSX9gyG5VPE4M+Hg2hjGxIf7ZgQZTFb5Wf+qh+zpUmbUe D4WoBMduz2MqRXcm/s03WMOV3/hlMN5r/1CZfny+d1ooYoJXfEoJ7fGhRPiMd7IVbAgA AwK/QdG3NMGv6JPDLvsEhDa2VnIikoUbLOPodTmih6Sc36aqIqUHM0LEtn8jIAIHB+3y /AJGZcvS8hC34wPP/CihuboAaMOG29GyHISNR1OnsyOHFKCSBgn20FAnfOpl2Ev0CIJh fQgvlUodZfcagw09eNnadymA41pqv+D97tWWX3E+GfJVBTPhsN4I6PnpcmbSLyzxZV1P vy4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=brhO2zHxfUP+sMM3qgxsoXxsumwZlsWPy4DDKV+8qew=; b=bA/5ljY4fmrQkeo3iDWuFSPZjc5iCd7rnHr7i2M/ktrGLAL34xbssUy4N5x4pxi1qC eHMydg3m30Gg5Sji3WgeXN1plfia176B5qcQs+S9Rx0lMIGolZHylQsEEdYj87Y14/xY hBABCKBAvwrAdPw6OQklyZcAvZ0bN3drXrXoXdQjf4HuJVlIwrlxumEvxxpAHYuvP1sE zhiuCYjMja6xj/0WrhqUOpcxeQubsRf1VsjQKSWezN4k5UXr0gJC7Ra3SKPiQIo9nM73 PhFy5LVXl+JVZiQUBLPVedR7HCt0wajL72SPVPAtsI9rXEVgUwXxcQXO7v7YTFgWUCL1 E0oA==
X-Gm-Message-State: AOAM533x17g91S4PPBCOrIzthlPlqOOCxS451BYwzzvjAYrjhj6OTCEJ w0sbCejCsGdPidqPeuPz2WFxkPdxUT0IZa/l06M=
X-Google-Smtp-Source: ABdhPJw1zwjP4vwlK5ppS/BowH7/vWSeyzE+nXiWJ+OCSRF6SteyyB2gHIm0a4OAuETQe+2pj7YVDqrLsSsC0OZ6k8w=
X-Received: by 2002:a1c:7407:: with SMTP id p7mr3651347wmc.117.1597428950719; Fri, 14 Aug 2020 11:15:50 -0700 (PDT)
MIME-Version: 1.0
References: <20200811034740.BA1831E7FDBF@ary.local> <0c8afc68-bc51-702a-c794-610b2d355836@dcrocker.net> <83a8e95f-d85d-634e-0c93-eb2ddab2c69d@wordtothewise.com> <99810a58-3809-bfd2-3571-bac54430f9e8@tana.it> <CAOPP4WHWoVkA+ZWZ+2AFnH8_nKBxO+t3Z4trz347JV0fsEy83Q@mail.gmail.com> <003501d671b9$467c0670$d3741350$@bayviewphysicians.com> <CAOPP4WG0Az02DJ0TvWfnaWSfCjnqW3tLh3TTGOJu4BC4zNuQBA@mail.gmail.com> <CAJ4XoYeQxgu5Yj+Aag9kYY3HXMrXV8DPNczXP5L_BLoVaAv0Gg@mail.gmail.com> <CABuGu1qFWJNOjV9Fd=tB8Nzod5rw7GgY0OeS3cHgfMDGoZGYWg@mail.gmail.com> <CAOPP4WGY9+dE7A5XE-zQZHsdHsFNd+5woKUqJE6j3CmsWKdRRA@mail.gmail.com>
In-Reply-To: <CAOPP4WGY9+dE7A5XE-zQZHsdHsFNd+5woKUqJE6j3CmsWKdRRA@mail.gmail.com>
From: Dotzero <dotzero@gmail.com>
Date: Fri, 14 Aug 2020 14:15:39 -0400
Message-ID: <CAJ4XoYcYQUQZwh=FLKTj-_Y=whG4_7WzSsGaSPXYpn3aACfSZA@mail.gmail.com>
To: Neil Anuskiewicz <neil@marmot-tech.com>
Cc: "Kurt Andersen (b)" <kboth@drkurt.com>, IETF DMARC WG <dmarc@ietf.org>, Doug Foster <fosterd=40bayviewphysicians.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002963aa05acda69cc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6wL2yGE2Pe2-zv1noJC6Nti8XyA>
Subject: Re: [dmarc-ietf] draft-crocker-dmarc-author-00 ?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2020 18:16:15 -0000

On Fri, Aug 14, 2020 at 1:32 PM Neil Anuskiewicz <neil@marmot-tech.com>
wrote:

>
>
> On Fri, Aug 14, 2020 at 8:13 AM Kurt Andersen (b) <kboth@drkurt.com>
> wrote:
>
>> On Fri, Aug 14, 2020 at 7:31 AM Dotzero <dotzero@gmail.com> wrote:
>>
>>>
>>> I've been involved in setting up DMARC with a policy of p=reject for
>>> somewhere North of 6,000 domains. As a sending domain, the heavy lifting is
>>> in getting buy-in across the organization that it is a worthwhile effort,
>>> getting control of your organization's mail flows and ensuring policies and
>>> procedures are communicated and followed. For complex environments there
>>> may need to be some automation required for creating and maintaining
>>> private/public key pairs and DNS records but that is much more
>>> straightforward than the aforementioned heavy lifting.
>>>
>>
>> Also note that said "heavy lifting" is not a one time expenditure of
>> effort. Having hoisted the weight bar above your head, it requires
>> organizational will and ongoing knowledge to stick to the higher bar week
>> in and week out. Entropy is never your friend in an organizational security
>> context. Neither are acquisitions :-)
>>
>> Yes, and that's why I use DMARC mostly as a tool for reporting. My
>> clients are typically small businesses who are worried about selling
>> widgets not about email so even if I help them set up email perfectly, they
>> could make a change a year from now without updating their SPF record or
>> deploying DKIM. I just changed my policy to reject (just for fun) assuming
>> this email will get through because of DMARC's OR logic.
>>
>
Which brings us back to the question of organizational implementation
issues vs  interoperability issues. Can a technical standards body solve
the problem of organizations shooting themselves in the foot because they
are worried about selling widgits and not about email? Why do I have a
feeling they start caring about email when it no longer works for them?
They have created a self induced personal interoperability issue. If they
changed their MX to use a random port other than port 25 to receive SMTP
connections would you suggest that the RFC should be written to
accommodate that?

Michael Hammer

v2.23.0 | Report a Bug | By Email